CVE-2017-13997

Name of the Vulnerable Software and Affected Versions Schneider Electric InduSoft Web Studio versions 8.0 SP2 and earlier Schneider Electric InTouch Machine Edition versions 8.0 SP2 and earlier

Description A Missing Authentication for Critical Function issue allows a remote entity to bypass server authentication and execute arbitrary commands with high privileges, potentially leading to complete server compromise. The issue is related to the authentication procedure for HMI clients in the affected systems.

Recommendations For Schneider Electric InduSoft Web Studio versions 8.0 SP2 and earlier, update to a version later than 8.0 SP2 to resolve the issue. For Schneider Electric InTouch Machine Edition versions 8.0 SP2 and earlier, update to a version later than 8.0 SP2 to resolve the issue. As a temporary workaround, consider restricting access to the script execution functionality on the server to minimize the risk of exploitation.