← Back to home
ICSA-17-264-01  ·  Published 2017-09-21  ·  View on CISA ICS-CERT ↗

Schneider Electric InduSoft Web Studio, InTouch Machine Edition

CVSS 9.8 CRITICAL

Risk Summary

ATTENTION: Remotely exploitable/low skill level to exploit.

CVEs (1)

Remediations

  • Schneider Electric recommends users using InduSoft Web Studio v8.0 SP2 or prior should upgrade and apply InduSoft Web Studio v8.0 SP2 Patch 1 as soon as possible.
  • Schneider Electric recommends users using InTouch Machine Edition v8.0 SP2 or prior should upgrade and apply InTouch Machine Edition v8.0 SP2 Patch 1 as soon as possible.
  • For more information on this vulnerability and associated patch, please see InduSoft Security Bulletin LFSEC00000121 on the Schneider Electric cybersecurity web site

Affected Vendors

Schneider Electric Software, LLC

Affected Products (2)

Schneider Electric Software, LLC · InduSoft Web Studio < 8.0 SP2
Schneider Electric Software, LLC · InTouch Machine Edition < 8.0 SP2

Affected Sectors

Critical Manufacturing, Energy, Healthcare and Public Health, Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more