← Back to home
ICSA-17-313-02  ·  Published 2017-11-09  ·  View on CISA ICS-CERT ↗

Schneider Electric InduSoft Web Studio and InTouch Machine Edition

CVSS 9.8 CRITICAL

Risk Summary

ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available.

CVEs (1)

Remediations

  • Users using InduSoft Web Studio v8.0 SP2 Patch 1 or prior versions are affected and should upgrade and apply InduSoft Web Studio v8.1 as soon as possible.
  • Users using InTouch Machine Edition v8.0 SP2 Patch 1 or prior versions are affected and should upgrade and apply InTouch Machine Edition 2017 v8.1 as soon as possible.
  • Schneider Electric has also released Security Bulletin LFSEC00000124

Affected Vendors

Schneider Electric Software, LLC

Affected Products (2)

Schneider Electric Software, LLC · InTouch Machine Edition <= 8.0 SP2 Patch 1
Schneider Electric Software, LLC · InduSoft Web Studio <= 8.0 SP2 Patch 1

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy, Transportation Systems, and Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more