Schneider Electric Patches Critical RCE Vulnerability


Researchers discovered a critical remote code execution vulnerability in two Schneider Electric industrial control related products that could give attackers the ability to disrupt or shut down plant operations.

Tenable Research, who discovered the vulnerability (CVE-2018-8840) and created a proof-of-concept attack scenario, said that the bug was in Schneider Electric products – InduSoft Web Studio and InTouch Machine Edition. Schneider Electric has since issued patches for the vulnerability.

Read more…
Source: ThreatPost