The NCCIC has published an advisory on an uncontrolled search path element in AVEVA InduSoft Web Studio and InTouch Edge HMI. InduSoft Web Studio versions prior to v8.1 SP3 and InTouch Edge HMI versions prior to 2017 Update 3 are affected. Successful exploitation of this vulnerability could allow execution of unauthorized code or commands AVEVA recommends that users upgrade to the latest versions. The NCCIC also recommends a series of mitigating measures for this vulnerability. Read the advisory at NCCIC/ICS-CERT.