Menu
Schneider Electric patches vulnerable applications

Schneider Electric patches vulnerable applications

After Tenable found remote code execution vulnerability

A remote code execution vulnerability found in two Schneider Electric applications, InduSoft Web Studio and InTouch Machine Edition, has been revealed by cyber security vendor Tenable.

These applications are used by industries such as in manufacturing, oil and gas, water, automation, wind and solar power facilities in the United States.

According to Tenable's researchers, cyber criminals exploiting the vulnerabilities could gain complete control of the underlying system.

If compromised, the system could allow cyber criminals to move laterally through the network, exposing additional systems to attack, including human-machine interface (HMI) clients. The worst case scenario would see attackers able use the vulnerability to disrupt or even cripple plant operations.

"Digital transformation has made its way to critical infrastructure, connecting once-isolated systems to the outside world,” Tenable chief product officer Dave Cole said. “This Schneider Electric vulnerability is particularly concerning because of the potential access it grants cyber criminals looking to do serious damage to systems that quite literally power our communities.

"Tenable Research is focused on assessing, analysing and reducing the industry’s overall cyber exposure across the modern computing environment — be it cloud, IT, IoT or OT [operational technology]. Solving this growing problem requires us to come together as an industry and we commend Schneider Electric at the speed they released a patch to remediate this critical issue."

Patches for the automation tool InduSoft Web Studio and scalable HMI client InTouch Machine Edition have been released.

Customers using InduSoft Web Studio v8.1 or prior versions are affected and should upgrade and apply InduSoft Web Studio v8.1 SP1 as soon as possible. 

Customers using InTouch Machine Edition 2017 v8.1 or prior versions are affected and should upgrade and apply InTouch Machine Edition 2017 v8.1 SP1 as soon as possible.



Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitySchneider ElectricvulnerabilityTenable

Featured

Slideshows

Ingram Micro maintains Showcase 2018 momentum in Wellington

Ingram Micro maintains Showcase 2018 momentum in Wellington

Ingram Micro maintained Showcase 2018 momentum in Wellington, hosting more than 40 vendors at TSB Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro maintains Showcase 2018 momentum in Wellington
Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro kickstarted Showcase 2018 in Christchurch, hosting more than 40 vendors at Horncastle Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro launches Showcase 2018 in Christchurch
Data breach notification laws in NZ: How can partners prepare?

Data breach notification laws in NZ: How can partners prepare?

This exclusive Reseller News Roundtable outlined the responsibilities facing security partners today, assessing risk while evaluating the role of the vendor in providing added layers of protection.

Data breach notification laws in NZ: How can partners prepare?
Show Comments