Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Schneider Electric Development Tools Affected by Critical Flaw

Security firm Tenable has disclosed the details of a critical remote code execution vulnerability affecting Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition products.

Security firm Tenable has disclosed the details of a critical remote code execution vulnerability affecting Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition products.

InduSoft Web Studio is a toolset designed for developing human-machine interfaces (HMIs), supervisory control and data acquisition (SCADA) systems and embedded instrumentation solutions, and InTouch Machine Edition is an HMI/SCADA development tool that can be used for both advanced applications and small-footprint embedded devices. The products are used worldwide in the manufacturing, oil and gas, water and wastewater, automotive, building automation, and renewable energy sectors.

The tools are impacted by a stack-based buffer overflow vulnerability that can be exploited without authentication for denial-of-service (DoS) attacks and arbitrary code execution with elevated privileges.

Tenable, whose employees discovered the flaw, reports that a malicious actor could exploit the weakness to gain complete control of the affected system and use it as a pivot point for lateral movement within the network. The company has released technical details and proof-of-concept (PoC) code.

The security hole is related to InduSoft Web Studio and InTouch Machine Edition functionality that allows HMI clients to read and write tags, and monitor alarms and events.

“The vulnerability is similar to CVE-2017-14024 in that it involves calling mbstowcs() in TCPServer.dll. However, this new vulnerability leverages command 50 instead of command 49. The vulnerability can be remotely exploited without authentication and targets the IWS Runtime Data Server service, by default on TCP port 1234,” Tenable explained.

The company says an attacker can exploit the vulnerability remotely if they are able to connect to port 1234 on the targeted machine.

„This means that if the machine is on a private network, the attacker would need to be on the same network. If, however, the machine and the service/port have been opened to the internet, then an attacker can exploit it via the internet,” Tenable Research told SecurityWeek.

Advertisement. Scroll to continue reading.

The vulnerability impacts InduSoft Web Studio v8.1 and prior, and InTouch Machine Edition 2017 v8.1 and prior. Schneider Electric patched the flaw with the release of v8.1 SP1 for both products. The vendor acknowledged the issue on January 28 and released patches on April 6. The security firm has confirmed that the patch works.

The similar vulnerability referenced by Tenable, CVE-2017-14024, was patched by Schneider in September 2017. It also impacted InduSoft Web Studio and InTouch Machine Edition, and allowed remote code execution.

Related: Schneider Electric Fixes Vulnerabilities in HMI Products

Related: Triton Malware Exploited Zero-Day in Schneider Electric Devices

Related: Schneider Electric Patches 16 Flaws in Building Automation Software

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.