OTPulse
FeedAboutContact

AVEVA Edge products (formerly known as InduSoft Web Studio)

Plan Patch7.3ICS-CERT ICSA-24-032-03Feb 1, 2024
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionRequired
Summary

AVEVA Edge versions 2020 R2 SP2 and earlier contain an unsafe DLL loading vulnerability (CWE-427) that allows an attacker with local access to achieve arbitrary code execution and privilege escalation by tricking the application into loading a malicious DLL. The attacker must have local access to the system and user interaction is required to trigger the vulnerability. AVEVA recommends upgrading to AVEVA Edge 2023 or applying patch AVEVA Edge 2020 R2 SP2 P01. No public exploitation of this vulnerability has been reported.

What this means
What could happen
An attacker with local access to an AVEVA Edge workstation could execute arbitrary code with the privileges of the logged-in user, potentially gaining full control of the engineering environment and ability to modify industrial process configurations.
Who's at risk
Organizations running AVEVA Edge engineering workstations (formerly InduSoft Web Studio) on Windows systems used for HMI development, monitoring, and control of water treatment plants, power systems, and other industrial processes. This affects engineering staff and any user with local access to these workstations.
How it could be exploited
An attacker must have local access to the AVEVA Edge system and trick the application into loading a malicious DLL from an attacker-controlled location (such as via social engineering to open a file or navigate to a directory). When AVEVA Edge loads the unsafe DLL, the attacker's code runs with the user's privileges.
Prerequisites
  • Local access to the AVEVA Edge workstation
  • Valid user account logged into AVEVA Edge
  • User interaction required (tricking the user to load a file or navigate to attacker-controlled directory)
  • Vulnerable version running (AVEVA Edge 2020 R2 SP2 or earlier)
Local access only (not remotely exploitable)User interaction requiredLow complexity exploitationAffects engineering workstations that control critical infrastructure
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
AVEVA Edge: <=2020_R2_SP2≤ 2020 R2 SP22023 or AVEVA Edge 2020 R2 SP2 P01
Remediation & Mitigation
0/4
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade AVEVA Edge to version 2023 or apply patch AVEVA Edge 2020 R2 SP2 P01
WORKAROUNDImplement application whitelisting on AVEVA Edge workstations to prevent unauthorized DLL execution
Long-term hardening
0/2
HARDENINGRestrict local access to AVEVA Edge workstations and limit user accounts to engineering staff only
HARDENINGTrain users not to open files or navigate to directories from untrusted sources when working with AVEVA Edge
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/fb039e8d-77f2-45d8-a15f-062469c4f8df