Schneider Electric patches vulnerable applications

Schneider Electric patches vulnerable applications

After Tenable found remote code execution vulnerability

A remote code execution vulnerability found in two Schneider Electric applications, InduSoft Web Studio and InTouch Machine Edition, has been revealed by cyber security vendor Tenable.

These applications are used by industries such as in manufacturing, oil and gas, water, automation, wind and solar power facilities in the United States.

According to Tenable's researchers, cyber criminals exploiting the vulnerabilities could gain complete control of the underlying system.

If compromised, the system could allow cyber criminals to move laterally through the network, exposing additional systems to attack, including human-machine interface (HMI) clients. The worst case scenario would see attackers able use the vulnerability to disrupt or even cripple plant operations.

"Digital transformation has made its way to critical infrastructure, connecting once-isolated systems to the outside world,” Tenable chief product officer Dave Cole said. “This Schneider Electric vulnerability is particularly concerning because of the potential access it grants cyber criminals looking to do serious damage to systems that quite literally power our communities.

"Tenable Research is focused on assessing, analysing and reducing the industry’s overall cyber exposure across the modern computing environment — be it cloud, IT, IoT or OT [operational technology]. Solving this growing problem requires us to come together as an industry and we commend Schneider Electric at the speed they released a patch to remediate this critical issue."

Patches for the automation tool InduSoft Web Studio and scalable HMI client InTouch Machine Edition have been released.

Customers using InduSoft Web Studio v8.1 or prior versions are affected and should upgrade and apply InduSoft Web Studio v8.1 SP1 as soon as possible. 

Customers using InTouch Machine Edition 2017 v8.1 or prior versions are affected and should upgrade and apply InTouch Machine Edition 2017 v8.1 SP1 as soon as possible.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags vulnerabilityTenable

Brand Post

Channel Roadmap

The Channel Roadmap is a bespoke content hub housing strategic priorities from technology vendors for 2022 and beyond, partners can find the guidance on the key technologies and markets to pursue, to help build a blueprint for future success.

Show Comments

Industry Events

24 May
ARN Exchange
View all events