The NCCIC has released an advisory on stack-based buffer overflow and empty password in configuration file vulnerabilities in AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition). InduSoft Web Studio versions prior to 8.1 SP2 and InTouch Edge HMI versions prior to 2017 SP2 are affected. Successful exploitation of these vulnerabilities could allow an unauthenticated user to remotely execute code. AVEVA recommends that users upgrade to InduSoft Web Studio v8.1 SP2 and InTouch Edge HMI (formerly InTouch Machine Edition) 2017 SP2 as soon as possible. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.