The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Schneider Electric InduSoft Web Studio and InTouch Machine Edition. InduSoft Web Studio v8.1 and prior versions and InTouch Machine Edition 2017 v8.1 and prior versions are affected. Successful exploitation of this vulnerability during tag, alarm, or event related actions could allow remote code execution that, under high privileges, could completely compromise the device. Schneider Electric Software recommends customers using InduSoft Web Studio v8.1 or prior versions upgrade and apply InduSoft Web Studio v8.1 SP1 as soon as possible and that customers using InTouch Machine Edition 2017 v8.1 or prior versions upgrade and apply InTouch Machine Edition 2017 v8.1 SP1 as soon as possible. The NCCIC/ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.
You are here
Related Resources
Jul 28, 2020 in Cybersecurity
Dec 20, 2018 in Cybersecurity