CVE-2025-7223

INVT · INVT Multiple Products

Executive summary

A high-severity vulnerability has been discovered in multiple INVT products, specifically within the HMITool software. An attacker could exploit this flaw by sending a specially crafted file that, once opened in HMITool, allows them to remotely execute malicious code and gain full control of the affected system, potentially disrupting industrial operations and leading to data compromise.

Vulnerability

The vulnerability is an out-of-bounds write that occurs when the INVT HMITool software processes a malformed VPM project file. An attacker can create a malicious VPM file that, when opened by the software, writes data outside of the intended memory buffer. This memory corruption can be leveraged by the attacker to overwrite critical program data, hijack the application's control flow, and ultimately execute arbitrary code on the host system with the privileges of the user running the HMITool application.

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.8. Successful exploitation could lead to significant business disruption, especially in Operational Technology (OT) environments where INVT products are commonly deployed. An attacker achieving remote code execution could manipulate or halt industrial processes, steal sensitive intellectual property or operational data, install ransomware, or use the compromised host as a pivot point to launch further attacks against the internal network. The potential consequences include financial loss, reputational damage, and risks to operational safety.

Remediation

Immediate Action: Organizations must identify all systems running the vulnerable INVT HMITool software and apply the security patches provided by the vendor immediately, prioritizing any systems that are internet-facing or have a direct path from less trusted networks. After patching, it is crucial to review application and system access logs for any signs of compromise preceding the update.

Proactive Monitoring: Security teams should implement enhanced monitoring focused on the HMITool application. This includes monitoring network traffic for the transfer of VPM files from untrusted sources, setting up alerts for application crashes or unexpected behavior of the HMITool process, and scrutinizing endpoint logs for suspicious child processes spawned by HMITool.exe.
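
One way to implement the HMITool.exe child-process and crash checks described above, as an added example that is not part of the original advisory or any vendor tooling. The event field layout, host names and the C:\Example\INVT install path are constructed assumptions; adapt them to your own log pipeline.

```python
import json
import ntpath  # parses Windows paths correctly on any analysis host

TARGET = "hmitool.exe"
# Assumption: images HMITool.exe legitimately starts on your hosts; fill
# this from a baseline. Empty means every child process is reported.
EXPECTED_CHILDREN = set()

# Constructed sample telemetry, one JSON object per line. EventID 1 follows
# Sysmon process creation (Image, ParentImage); EventID 1000 is an
# application crash with hypothetical normalized field names. The install
# path C:\Example\INVT is a placeholder, not the product's real path.
SAMPLE_EVENTS = r"""
{"EventID": 1, "Host": "hmi-ws-01", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Example\\INVT\\HMITool.exe"}
{"EventID": 1000, "Host": "hmi-ws-01", "FaultingApplication": "HMITool.exe", "ExceptionCode": "0xc0000005"}
{"EventID": 1, "Host": "hmi-ws-02", "ParentImage": "C:\\Example\\INVT\\HMITOOL.EXE", "Image": "C:\\Windows\\System32\\cmd.exe"}
{"EventID": 1, "Host": "hmi-ws-02", "ParentImage": "C:\\Tools\\NotHMITool.exe", "Image": "C:\\Windows\\System32\\cmd.exe"}
{"EventID": 1, "Host": "hmi-ws-03", "ParentImage":
"""

def basename(path):
    """Lower-cased file name of a Windows path; empty string if missing."""
    return ntpath.basename(str(path or "")).lower()

def triage(lines):
    """Return (kind, host, detail) alerts for HMITool crashes and children."""
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON record
        if not isinstance(ev, dict):
            continue
        eid = ev.get("EventID")
        # Exact basename match, so NotHMITool.exe is not treated as the target.
        if eid == 1 and basename(ev.get("ParentImage")) == TARGET:
            child = basename(ev.get("Image"))
            if child not in EXPECTED_CHILDREN:
                alerts.append(("child_process", ev.get("Host"), child))
        elif eid == 1000 and basename(ev.get("FaultingApplication")) == TARGET:
            alerts.append(("crash", ev.get("Host"), ev.get("ExceptionCode")))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

A crash followed by an unexpected child process on the same host is worth escalating ahead of either signal alone.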

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce risk. These include using network segmentation to isolate Human-Machine Interface (HMI) systems from the corporate network and the internet, implementing application control (whitelisting) to prevent the execution of unauthorized software, and restricting the ability of users to receive or open VPM files from external or untrusted sources.

Exploitation status

Public Exploit Available: False

Analyst recommendation

Given the high severity score and the risk of remote code execution, this vulnerability poses a significant threat to organizations utilizing affected INVT products. We strongly recommend that all affected assets be identified and patched on an urgent basis. While there is no current evidence of active exploitation, the potential impact, particularly on critical industrial control systems, warrants immediate and decisive action. Organizations should treat this as a critical priority and apply the recommended remediation and monitoring controls without delay.