Risk Summary
Successful exploitation of this vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as the InTouch View process, which could lead to a compromise of the InTouch HMI. Systems are only vulnerable if the operating system locale does not use a dot as the floating-point separator.
CVEs (1)
Remediations
- InTouch 2014 R2 SP1 - Apply HF-11_1_SP1/CR149705 as soon as possible. Those using versions of InTouch older than 2014 R2 SP1 should first upgrade to a supported version of InTouch and then apply the corresponding hotfix.
- InTouch 2017 Update 2 - Apply HF-17_2/CR149706 as soon as possible. Those using InTouch 2017 or 2017 Update 1 should first upgrade to InTouch 2017 Update 2, then apply HF-17_2/CR149706.
- For more information, see the Security Bulletin released by AVEVA.
- To contact AVEVA support, visit https://softwaresupport.aveva.com/
Affected Vendors
AVEVA Software, LLC
Affected Products (4)
- AVEVA Software, LLC · InTouch <=2014 R2 SP1
- AVEVA Software, LLC · InTouch <=2017 Update 2
- AVEVA Software, LLC · InTouch 2017
- AVEVA Software, LLC · InTouch 2017 Update 1
Affected Sectors
Critical Manufacturing, Energy, Food and Agriculture, Chemical, and Water and Wastewater