A critical remote code execution vulnerability has been discovered in two Schneider Electric applications heavily used in manufacturing, oil and gas, water, automation and wind and solar power facilities. The vulnerability, discovered by cyber exposure company Tenable, could, if exploited, give cyber criminals complete control of the underlying system. Attackers would also be able to use the compromised system to move laterally through the network, exposing additional systems to attack. In a worst case scenario, attackers could use the vulnerability to disrupt or cripple plant operations. The vulnerability impacts InduSoft Web Studio, an automation tool used to develop human-machine interfaces…
[Continue Reading]