16 November 2017
Schneider Electric Closes Critical Vulnerability in HMI Products
US ICS-СERT has published an advisory stating that critical vulnerability CWE-121 in Schneider Electric products has been closed by the vendor. This is a stack-based buffer overflow vulnerability that can be exploited by attackers with a low skill level to remotely execute code with elevated privileges.
Schneider Electric has announced the release of updates for the following vulnerable products:
- SCADA/HMI application development platform InduSoft Web Studio v8.0 SP2 and prior versions;
- HMI InTouch Machine Edition v8.0 SP2 and prior versions.
These solutions are widely used by industrial facilities in many countries of the world and in many industries, including industrial manufacturing, electric power, water supply, automotive, oil and gas, building automation, etc.
Cryptographic deadly sins and the security of Modicon M100/M200/M221
28 January 2021
From buffer overflow to switchboard setup errors: vulnerabilities in building operation software by Schneider Electric
27 January 2021
Twentieth for Ripple20: Vulnerability in embedded web server of I/O expansion modules for IoT
26 January 2021