INVT VT-Designer and HMITool
Monitor | 7.8 | ICS-CERT ICSA-25-238-01 | Aug 26, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
INVT VT-Designer versions up to 2.1.13 and HMITool versions up to 7.1.011 contain memory corruption (CWE-787) and type confusion (CWE-843) vulnerabilities that could allow arbitrary code execution in the context of the current process. The vulnerabilities are not remotely exploitable and require local access to an affected machine. INVT did not respond to CISA's coordination attempts and has not released patches. No known public exploitation has been reported.
What this means
What could happen
An attacker with local access to a machine running VT-Designer or HMITool could execute arbitrary code with the privileges of the logged-in user, potentially altering or stopping process control and monitoring functions in manufacturing plants.
Who's at risk
Manufacturing organizations that use INVT's VT-Designer (version 2.1.13) or HMITool (version 7.1.011) for engineering and human-machine interface control should be concerned. These products are typically installed on engineering workstations, supervisory computers, and operator consoles in production facilities.
How it could be exploited
An attacker must gain local access to an engineering workstation or operator console running VT-Designer or HMITool, then exploit a memory corruption vulnerability (CWE-787) or type confusion (CWE-843) to execute arbitrary code within the application's process context. The attacker would likely need to trick a user into interacting with a malicious file or perform actions on the compromised machine.
Prerequisites
- Local access to machine running VT-Designer or HMITool
- User interaction required (likely opening a malicious file or project)
- Valid user account with permission to run the application
no patch available | memory corruption vulnerability (CWE-787) | type confusion vulnerability (CWE-843) | affects engineering and control system software | vendor non-responsive to disclosure
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
VT-Designer: 2.1.13 | 2.1.13 | No fix (EOL)
HMITool: 7.1.011 | 7.1.011 | No fix (EOL)
Remediation & Mitigation
Do now
[HARDENING] Implement network segmentation: isolate engineering workstations and HMI consoles running VT-Designer or HMITool from business networks and the Internet
[HARDENING] Restrict physical and remote access to machines running VT-Designer or HMITool; limit use to authorized engineering staff only
[HOTFIX] Contact INVT directly to determine if patches or workarounds are available
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
[HARDENING] If remote access to these tools is required, use a VPN with multi-factor authentication and keep VPN client/server software updated
Mitigations - no patch available
The following products have reached End of Life with no planned fix: VT-Designer: 2.1.13, HMITool: 7.1.011. Apply the following compensating controls:
[HARDENING] Monitor for suspicious activity on machines running VT-Designer or HMITool, including unusual process execution or file access
CVEs (9)