You are here

Schneider Electric InduSoft Web Studio and InTouch Machine Edition (ICSA-18-107-01) – Products Used in the Water and Wastewater and Energy Sectors

Schneider Electric InduSoft Web Studio and InTouch Machine Edition (ICSA-18-107-01) – Products Used in the Water and Wastewater and Energy Sectors

Created: Wednesday, April 18, 2018 - 17:41
Categories:
Cybersecurity

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Schneider Electric InduSoft Web Studio and InTouch Machine Edition. InduSoft Web Studio v8.1 and prior versions and InTouch Machine Edition 2017 v8.1 and prior versions are affected. Successful exploitation of this vulnerability during tag, alarm, or event related actions could allow remote code execution that, under high privileges, could completely compromise the device. Schneider Electric Software recommends customers using InduSoft Web Studio v8.1 or prior versions upgrade and apply InduSoft Web Studio v8.1 SP1 as soon as possible and that customers using InTouch Machine Edition 2017 v8.1 or prior versions upgrade and apply InTouch Machine Edition 2017 v8.1 SP1 as soon as possible. The NCCIC/ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.