CVE-2025-7224
INVT · INVT Multiple Products
A high-severity vulnerability has been discovered in multiple INVT products, specifically within the HMITool software.
Executive summary
A high-severity vulnerability has been discovered in multiple INVT products, specifically within the HMITool software. An attacker could exploit this flaw by tricking a user into opening a malicious file, which would allow the attacker to execute arbitrary code and take full control of the affected system. This could lead to the compromise of sensitive industrial control data, disruption of operations, or further network intrusion.
Vulnerability
This vulnerability is an out-of-bounds write that occurs within the INVT HMITool software when it parses a specially crafted VPM project file. An attacker can create a malicious VPM file with malformed data structures. When a victim opens this file, the parsing function attempts to write data to a memory location outside of the allocated buffer, causing a memory corruption condition. A skilled attacker can control the data and the location of this write to overwrite critical program data, such as function pointers, to hijack the application's control flow and achieve remote code execution (RCE) with the same privileges as the user running the software.
Business impact
This is a High severity vulnerability with a CVSS score of 7.8. Successful exploitation could lead to a complete compromise of the engineering workstation or Human-Machine Interface (HMI) terminal. The business impact includes the potential for theft of intellectual property (such as proprietary project files), installation of ransomware or spyware, and disruption of critical industrial processes controlled by the HMI. In an Operational Technology (OT) environment, this could result in production downtime, equipment damage, and significant financial loss.
Remediation
Immediate Action: Apply the security patches provided by INVT immediately, prioritizing systems that are internet-facing or connected to less trusted networks. After patching, review system and application access logs for any signs of compromise or unusual activity preceding the patch deployment.
Proactive Monitoring: Implement enhanced monitoring on workstations running HMITool. Look for application crashes or errors related to HMITool in system event logs. Monitor network traffic for unusual outbound connections from these workstations, which could indicate a command-and-control channel. Use an Endpoint Detection and Response (EDR) solution to alert on suspicious process creation originating from the HMITool process (e.g., HMITool spawning cmd.exe or powershell.exe).
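The process-creation and crash checks described above, sketched as an added Python example (not INVT's or the advisory's own code) that triages normalised Sysmon Event ID 1 and Application Error events. The binary name HMITool.exe, the FaultingApplication field name and every sample event are assumptions; the child-process list generalises beyond the cmd.exe and powershell.exe named above.

```python
import ntpath

# Assumption: the HMITool binary is named HMITool.exe; adjust to the installed name.
HMI_IMAGE = "hmitool.exe"
# Generalised beyond cmd.exe/powershell.exe: hosts an HMI editor should not launch.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe"}

def base(path):
    """Lower-cased file name of a Windows path; tolerates None and quoting."""
    return ntpath.basename((path or "").strip('"')).lower()

def triage(ev):
    """Return an alert string for one normalised event dict, or None."""
    host = ev.get("Computer", "unknown-host")
    # Sysmon Event ID 1 (process creation) uses ParentImage / Image / CommandLine.
    if ev.get("EventID") == 1 and base(ev.get("ParentImage")) == HMI_IMAGE:
        child = base(ev.get("Image"))
        if child in SUSPICIOUS_CHILDREN:
            return f"{host}: HMITool spawned {child} ({ev.get('CommandLine', '')})"
    # Application Error (Event ID 1000); "FaultingApplication" is a hypothetical
    # field name for the faulting application name after log normalisation.
    if ev.get("EventID") == 1000 and base(ev.get("FaultingApplication")) == HMI_IMAGE:
        return f"{host}: HMITool crashed; check for a recently opened VPM file"
    return None

def scan(events):
    """Alerts for every matching event, in input order."""
    return [a for a in map(triage, events) if a]

# Constructed sample events; hosts, paths and command lines are illustrative only.
HMI = r"C:\Program Files\INVT\HMITool\HMITool.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "ENG-WS-01", "ParentImage": HMI,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c ver"},
    {"EventID": 1, "Computer": "ENG-WS-01", "ParentImage": HMI.upper(),
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.EXE"},
    {"EventID": 1, "Computer": "ENG-WS-01", "ParentImage": HMI,
     "Image": r"C:\Program Files\INVT\HMITool\Simulator.exe"},   # benign child
    {"EventID": 1, "Computer": "ENG-WS-02",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},                   # parent is not HMITool
    {"EventID": 1000, "Computer": "ENG-WS-02", "FaultingApplication": "HMITool.exe"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Matching on the lower-cased base name keeps the rule stable across install paths and case variants; in production, pair it with the full path or signer of the parent image so a renamed binary does not satisfy or evade the check.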
Compensating Controls: If patching cannot be performed immediately, implement the following controls:
- Network Segmentation: Isolate HMI workstations from the general corporate network and restrict their access to the internet.
- User Training: Instruct users not to open VPM files from untrusted sources, such as email attachments or web downloads.
- Application Control: Use application whitelisting to prevent the HMITool process from executing other programs or scripts.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability poses a significant risk to organizations utilizing affected INVT products, particularly in critical infrastructure and manufacturing sectors. The primary recommendation is to apply the vendor-supplied patches as a matter of urgency. While this CVE is not currently in the CISA KEV catalog, its high severity rating justifies immediate attention. For systems where patching is delayed, the implementation of compensating controls, especially network isolation and user awareness, is critical to reduce the attack surface and mitigate the risk of a compromise that could impact operational integrity.