Inosoft VisiWin
Plan: Patch
Severity score: 7.8
Source: ICS-CERT ICSA-24-151-03
Published: May 30, 2024
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
VisiWin 7 contains a privilege escalation vulnerability (CWE-276) that allows an attacker with a local user account to gain SYSTEM-level privileges. The vulnerability affects VisiWin versions prior to 2024-1. Successful exploitation grants full administrative control over the HMI workstation and any connected industrial processes.
What this means
What could happen
An attacker with local access and low-level user credentials could gain SYSTEM-level privileges on a VisiWin 7 workstation, allowing full control over the HMI and any connected industrial processes.
Who's at risk
Organizations using Inosoft VisiWin 7 for process visualization and control should be concerned. This affects HMI/SCADA engineering workstations in manufacturing, water treatment, power generation, and other critical infrastructure that rely on VisiWin for operator interface and control.
How it could be exploited
An attacker with local access and a low-privilege user account on a VisiWin 7 system could exploit a privilege escalation flaw to obtain SYSTEM privileges. This would require the attacker to be logged in locally or have a valid user account on the workstation running VisiWin.
Prerequisites
- Local access to the VisiWin 7 workstation
- Valid user account with low-level privileges (not SYSTEM)
- VisiWin version prior to 2024-1
- Requires local access
- Low attack complexity
- Affects HMI/control system interface
- No patch available for VisiWin 7 versions before 2024-1
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product      | Affected Versions | Fix Status
VisiWin 7    | <2024-1           | Fixed in 2024-1
Remediation & Mitigation
Do now
- [Hardening] Restrict physical and local network access to VisiWin engineering workstations to trusted personnel only
- [Hardening] Apply the principle of least privilege: ensure users run with standard user accounts, not administrator accounts, for day-to-day work
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
- [Hotfix] Update VisiWin to version 2024-1 or later
Long-term hardening
- [Hardening] Isolate VisiWin systems from business networks using firewalls and network segmentation
CVEs (1)