Menu
Schneider Electric patches vulnerable applications

Schneider Electric patches vulnerable applications

After Tenable found remote code execution vulnerability

A remote code execution vulnerability found in two Schneider Electric applications, InduSoft Web Studio and InTouch Machine Edition, has been revealed by cyber security vendor Tenable.

These applications are used by industries such as in manufacturing, oil and gas, water, automation, wind and solar power facilities in the United States.

According to Tenable's researchers, cyber criminals exploiting the vulnerabilities could gain complete control of the underlying system.

If compromised, the system could allow cyber criminals to move laterally through the network, exposing additional systems to attack, including human-machine interface (HMI) clients. The worst case scenario would see attackers able use the vulnerability to disrupt or even cripple plant operations.

"Digital transformation has made its way to critical infrastructure, connecting once-isolated systems to the outside world,” Tenable chief product officer Dave Cole said. “This Schneider Electric vulnerability is particularly concerning because of the potential access it grants cyber criminals looking to do serious damage to systems that quite literally power our communities.

"Tenable Research is focused on assessing, analysing and reducing the industry’s overall cyber exposure across the modern computing environment — be it cloud, IT, IoT or OT [operational technology]. Solving this growing problem requires us to come together as an industry and we commend Schneider Electric at the speed they released a patch to remediate this critical issue."

Patches for the automation tool InduSoft Web Studio and scalable HMI client InTouch Machine Edition have been released.

Customers using InduSoft Web Studio v8.1 or prior versions are affected and should upgrade and apply InduSoft Web Studio v8.1 SP1 as soon as possible. 

Customers using InTouch Machine Edition 2017 v8.1 or prior versions are affected and should upgrade and apply InTouch Machine Edition 2017 v8.1 SP1 as soon as possible.



Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Schneider ElectricvulnerabilityTenable

Featured

Slideshows

Reseller News Innovation Awards 2018: meet the top performing partners

Reseller News Innovation Awards 2018: meet the top performing partners

Reseller News honoured the industry’s finest on a standout evening for the New Zealand channel, recognising the achievements of established partners, emerging players and innovative start-ups, in front of over 460 technology leaders in Auckland.

Reseller News Innovation Awards 2018: meet the top performing partners
Champagne Reception kicks off Reseller News Innovation Awards 2018

Champagne Reception kicks off Reseller News Innovation Awards 2018

More than 460 channel leaders came together to toast the top performers of the New Zealand industry, during the opening Champagne Reception at the Reseller News Innovation Awards 2018 - in association with Techbuyer.

Champagne Reception kicks off Reseller News Innovation Awards 2018
Chasing innovation: how Kiwi partners can create a new customer agenda

Chasing innovation: how Kiwi partners can create a new customer agenda

This exclusive Reseller News Roundtable - in association with Rhipe and Microsoft - detailed a blueprint for customer success, outlining the new role of the modern-day partner and wider network in New Zealand.

Chasing innovation: how Kiwi partners can create a new customer agenda
Show Comments