ICSA-18-107-01 · Published 2018-04-17
Schneider Electric InduSoft Web Studio and InTouch Machine Edition
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of this vulnerability during tag, alarm, or event-related actions could allow remote code execution that, under high privileges, could completely compromise the device.
CVEs (1)
Remediations
- Users of InduSoft Web Studio v8.1 or prior versions are affected and should upgrade and apply InduSoft Web Studio v8.1 SP1 as soon as possible.
- Users of InTouch Machine Edition 2017 v8.1 or prior versions are affected and should upgrade and apply InTouch Machine Edition 2017 v8.1 SP1 as soon as possible.
- Schneider Electric Software, LLC has also released Security Bulletin LFSEC00000125 that can be found at:
Affected Vendors
Schneider Electric Software, LLC
Affected Products (2)
- Schneider Electric Software, LLC · InTouch Machine Edition 2017 · <= 8.1
- Schneider Electric Software, LLC · InduSoft Web Studio · <= 8.1
Affected Sectors
Commercial Facilities, Critical Manufacturing, Energy, Transportation Systems, and Water and Wastewater Systems