Schneider Electric InduSoft Web Studio / InTouch Machine Edition < 8.1 RCE
Critical Nessus Plugin ID 106228
SynopsisThe Schneider Electric InduSoft Web Studio or InTouch Machine Edition is affected by a remote code execution vulnerability.
DescriptionThe Schneider Electric InduSoft Web Studio (IWS) or InTouch Machine Edition (ITME) running on the remote host is affected by a remote code execution vulnerability due to a stack overflow condition when handling tag subscription. An unauthenticated, remote attacker can exploit this issue, via a specially crafted packet, to execute arbitrary code.
SolutionUpgrade to InduSoft Web Studio version 8.1 or later and InTouch Machine Edition version 8.1 or later.