CVE-2025-7226
INVT · INVT Multiple Products
Executive summary
A high-severity vulnerability has been discovered in multiple INVT industrial products, specifically within the HMITool software. This flaw allows a remote attacker to execute malicious code and take full control of an affected system by tricking it into processing a specially crafted VPM file. Successful exploitation could lead to the disruption of industrial processes, loss of control over machinery, and a complete system compromise.
Vulnerability
The vulnerability is an out-of-bounds write that occurs during the parsing of VPM project files within the INVT HMITool application. An unauthenticated remote attacker can create a malicious VPM file containing specific data that, when opened or processed by the HMITool, causes the application to write data outside of its intended memory buffer. This memory corruption can be leveraged by the attacker to hijack the program's execution flow, resulting in remote code execution with the privileges of the HMITool user.
Business impact
This vulnerability is rated as High severity with a CVSS score of 7.8. A successful exploit could have a severe impact on business operations, particularly in Operational Technology (OT) environments. An attacker could gain complete control over Human-Machine Interfaces (HMIs), enabling them to manipulate industrial processes, shut down critical operations, cause physical damage to equipment, or create unsafe conditions. Specific risks include production downtime, theft of sensitive intellectual property or process data, and using the compromised HMI as a pivot point to attack deeper within the OT network.
Remediation
Immediate Action: Apply security patches provided by INVT immediately, prioritizing all internet-facing systems and critical HMIs. After patching, continue to monitor for any signs of exploitation attempts and review system and application access logs for any unauthorized or unusual activity related to VPM file handling.
Proactive Monitoring: Implement enhanced monitoring on network segments containing affected INVT systems. Look for unusual transfers of VPM files, unexpected outbound connections from HMI terminals, and application crash logs related to the HMITool. Use intrusion detection systems (IDS) with signatures that can identify exploit attempts against this vulnerability once they become available.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
- Network Segmentation: Isolate HMI systems from the internet and from corporate IT networks.
- Access Control: Strictly limit network access to the HMI systems, allowing connections only from trusted engineering workstations.
- File Vetting: Implement a process to scan and validate all VPM files from external or untrusted sources before they are introduced into the OT environment.
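The three signals named under Proactive Monitoring (VPM transfers, HMITool crashes, outbound connections from HMI terminals) are more useful correlated per host than alerted on separately. The sketch below is an added example, not vendor or advisory code; the event schema, IP addresses, process name and 10-minute window are all assumptions to replace with your own telemetry.

```python
from datetime import datetime, timedelta

# Assumptions for this example, not values from the advisory:
TRUSTED_SOURCES = {"10.20.0.5"}       # engineering workstations allowed to push projects
ALLOWED_DESTINATIONS = {"10.20.0.5"}  # peers an HMI terminal is expected to contact
HMITOOL_PROCESS = "hmitool.exe"       # placeholder process name; confirm on your install
WINDOW = timedelta(minutes=10)        # escalation window after an untrusted VPM arrives

# Constructed sample events, as if normalized from transfer, crash and flow logs.
SAMPLE_EVENTS = [
    {"ts": "2025-07-10T08:00:00", "type": "file_transfer", "host": "hmi-01",
     "src": "10.20.0.5", "name": "line1.vpm"},
    {"ts": "2025-07-10T09:14:00", "type": "file_transfer", "host": "hmi-02",
     "src": "10.99.4.17", "name": "update.VPM"},
    {"ts": "2025-07-10T09:16:30", "type": "app_crash", "host": "hmi-02",
     "process": "HMITool.exe"},
    {"ts": "2025-07-10T09:17:10", "type": "outbound_conn", "host": "hmi-02",
     "dst": "203.0.113.50"},
    {"ts": "2025-07-10T11:00:00", "type": "app_crash", "host": "hmi-01",
     "process": "HMITool.exe"},
]


def triage(events):
    """Return (severity, rule, host, ts) findings, escalating events that
    follow a VPM file received from an untrusted source on the same host."""
    findings = []
    last_untrusted = {}  # host -> time of the most recent untrusted VPM transfer
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, host = datetime.fromisoformat(ev["ts"]), ev["host"]
        recent = host in last_untrusted and ts - last_untrusted[host] <= WINDOW
        if ev["type"] == "file_transfer" and ev["name"].lower().endswith(".vpm"):
            if ev["src"] not in TRUSTED_SOURCES:
                last_untrusted[host] = ts
                findings.append(("medium", "untrusted_vpm_transfer", host, ev["ts"]))
        elif ev["type"] == "app_crash" and ev["process"].lower() == HMITOOL_PROCESS:
            sev, rule = ("high", "crash_after_untrusted_vpm") if recent else ("low", "hmitool_crash")
            findings.append((sev, rule, host, ev["ts"]))
        elif ev["type"] == "outbound_conn" and ev["dst"] not in ALLOWED_DESTINATIONS:
            findings.append(("high" if recent else "medium", "unexpected_outbound", host, ev["ts"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(*finding)
```

A crash with no preceding untrusted transfer is kept as a low-severity finding rather than dropped, since the file may have arrived by a path the transfer logs do not cover, such as removable media.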
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability presents a significant risk to operational technology (OT) environments and must be addressed urgently. We strongly recommend that organizations using affected INVT products prioritize the immediate application of the vendor-supplied security patches. While this CVE is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog, its high CVSS score and the risk of remote code execution in an industrial setting warrant immediate attention. If patching cannot be performed immediately, the compensating controls listed above should be implemented without delay to mitigate the risk of operational disruption and system compromise.