Altair HyperView Player

Plan Patch7.8ICS-CERT ICSA-22-284-01Oct 11, 2022

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

HyperView Player versions 2021.1.0.27 and earlier contain buffer overflow vulnerabilities (CWE-119, CWE-908, CWE-129) that could allow a local attacker to crash the application or execute arbitrary code. The vulnerabilities are not remotely exploitable and require local access to a workstation running the affected software. Successful exploitation could disrupt process monitoring and visualization functions.

What this means

What could happen

An attacker with local access to a workstation running HyperView Player could exploit a buffer overflow vulnerability to crash the application or potentially run arbitrary code, disrupting visualization and monitoring of process data.

Who's at risk

Engineering and control room staff who use Altair HyperView Player for visualization and monitoring of industrial processes, including operators and engineers at water treatment facilities, power plants, and manufacturing operations that rely on HyperView Player for SCADA visualization and process monitoring.

How it could be exploited

An attacker must have local access to a workstation running HyperView Player and convince or trick a user into opening a malicious file or interacting with a crafted input. The vulnerability exists in how the application handles memory buffers, allowing a local attacker to overflow memory and crash the process or execute commands with the privileges of the user running the application.

Prerequisites

Local access to a workstation or server running HyperView Player
User interaction required (opening a malicious file or triggering the vulnerable code path)
Affected versions only: HyperView Player <= 2021.1.0.27

Buffer overflow vulnerability (CWE-119)Local access required (reduces remote risk but increases insider risk)Low complexity exploitationUser interaction requiredAffects engineering workstations and visualization systems

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

HyperView Player - HyperView Player:≤ 2021.1.0.272022.1

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict local access to workstations running HyperView Player to trusted users only

HARDENINGEducate users not to open files from untrusted sources on HyperView Player workstations

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate HyperView Player to version 2022.1 or later

Long-term hardening

0/1

HARDENINGIsolate HyperView Player workstations on a secure network segment with limited access

CVEs (4)

CVE-2022-2947 CVE-2022-2949 CVE-2022-2950 CVE-2022-2951

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/3f723302-35b8-457c-9691-cdf3d4757480