The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in AVEVA InduSoft Web Studio and InTouch Machine Edition. For InduSoft Web Studio, v8.1 and v8.1 SP1 are affected. For InTouch Machine Edition, v2017 8.1 and v2017 8.1 SP1 are affected. These products are vulnerable only if the TCP/IP Server Task is enabled. A remote attacker could send a carefully crafted packet during a tag-, alarm-, or event-related action, such as a read or write, which may allow remote code execution. AVEVA has released updates for each of the products and recommends that users apply them as soon as possible. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. NCCIC/ICS-CERT.