Menu
Schneider Electric patches vulnerable applications

Schneider Electric patches vulnerable applications

After Tenable found remote code execution vulnerability

A remote code execution vulnerability found in two Schneider Electric applications, InduSoft Web Studio and InTouch Machine Edition, has been revealed by cyber security vendor Tenable.

These applications are used by industries such as in manufacturing, oil and gas, water, automation, wind and solar power facilities in the United States.

According to Tenable's researchers, cyber criminals exploiting the vulnerabilities could gain complete control of the underlying system.

If compromised, the system could allow cyber criminals to move laterally through the network, exposing additional systems to attack, including human-machine interface (HMI) clients. The worst case scenario would see attackers able use the vulnerability to disrupt or even cripple plant operations.

"Digital transformation has made its way to critical infrastructure, connecting once-isolated systems to the outside world,” Tenable chief product officer Dave Cole said. “This Schneider Electric vulnerability is particularly concerning because of the potential access it grants cyber criminals looking to do serious damage to systems that quite literally power our communities.

"Tenable Research is focused on assessing, analysing and reducing the industry’s overall cyber exposure across the modern computing environment — be it cloud, IT, IoT or OT [operational technology]. Solving this growing problem requires us to come together as an industry and we commend Schneider Electric at the speed they released a patch to remediate this critical issue."

Patches for the automation tool InduSoft Web Studio and scalable HMI client InTouch Machine Edition have been released.

Customers using InduSoft Web Studio v8.1 or prior versions are affected and should upgrade and apply InduSoft Web Studio v8.1 SP1 as soon as possible. 

Customers using InTouch Machine Edition 2017 v8.1 or prior versions are affected and should upgrade and apply InTouch Machine Edition 2017 v8.1 SP1 as soon as possible.



Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Schneider ElectricvulnerabilityTenable

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments