CVE-2025-7228

INVT · INVT Multiple Products


Executive summary

A high-severity vulnerability has been identified in multiple INVT industrial software products. This flaw allows an attacker to execute malicious code and potentially take full control of a system by tricking a user into opening a specially crafted project file. Successful exploitation could lead to operational disruptions, data theft, and further network compromise.

Vulnerability

The vulnerability is an out-of-bounds write condition that occurs when the INVT VT-Designer software parses a malicious PM3 project file. An attacker can create a specially crafted PM3 file that, when opened by a victim, causes the application to write data outside of its intended memory buffer. This memory corruption can be leveraged by the attacker to overwrite critical program data, leading to the execution of arbitrary code with the same privileges as the user running the software.

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.8. Exploitation could lead to a complete compromise of the engineering workstation or Human-Machine Interface (HMI) where the INVT software is installed. The potential consequences include theft of sensitive project files, unauthorized modification of industrial control processes, system downtime, and the attacker gaining a persistent foothold to move laterally across the corporate or operational technology (OT) network.

Remediation

Immediate Action: Apply the security patches provided by INVT immediately, prioritizing any internet-facing or otherwise exposed systems. For systems that have been exposed, review access logs and application logs for any suspicious activity related to the processing of PM3 files.

Proactive Monitoring: Implement enhanced monitoring on systems running the affected software. Look for signs of compromise such as the VT-Designer application crashing unexpectedly, unusual child processes spawning from the main application, or unexpected outbound network connections from the host system after a PM3 file has been opened.
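
The following is an added example, not code from INVT or from this advisory's author. It correlates the three signals named above (crash, unexpected child process, outbound connection) with a recent PM3 open, using normalized endpoint events. The process name `vt-designer.exe`, the event field names, and the five-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumptions (not from the advisory): the executable name is a placeholder, and
# events were already normalized from EDR/Sysmon-style telemetry into dicts.
DESIGNER_IMAGE = "vt-designer.exe"   # placeholder process name
ALLOWED_CHILDREN = set()             # child images known to be legitimate at your site
WINDOW = timedelta(minutes=5)        # correlation window after a PM3 open

# Constructed sample events for a single host.
SAMPLE_EVENTS = [
    {"ts": "2025-01-10T09:00:00", "type": "file_open", "image": "vt-designer.exe",
     "path": r"C:\Projects\line1.pm3"},
    {"ts": "2025-01-10T09:20:00", "type": "net_connect", "image": "vt-designer.exe",
     "dest": "203.0.113.10:443"},
    {"ts": "2025-01-10T10:00:00", "type": "file_open", "image": "vt-designer.exe",
     "path": r"C:\Users\op\Downloads\update.PM3"},
    {"ts": "2025-01-10T10:00:04", "type": "proc_create", "image": "cmd.exe",
     "parent": "vt-designer.exe"},
    {"ts": "2025-01-10T10:00:09", "type": "net_connect", "image": "cmd.exe",
     "dest": "198.51.100.7:8080"},
    {"ts": "2025-01-10T10:00:30", "type": "proc_crash", "image": "vt-designer.exe"},
]

def triage(events):
    """Return (timestamp, finding, pm3_path) tuples for the three monitoring signals."""
    findings, last_pm3 = [], None    # last_pm3 = (time, path) of the latest PM3 open
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        image = ev["image"].lower()
        if ev["type"] == "file_open" and ev["path"].lower().endswith(".pm3"):
            last_pm3 = (ts, ev["path"])
            continue
        # PM3 path if one was opened within WINDOW before this event, else None.
        recent = last_pm3[1] if last_pm3 and ts - last_pm3[0] <= WINDOW else None
        if ev["type"] == "proc_create" and ev["parent"].lower() == DESIGNER_IMAGE:
            # A child of the designer is reported even without a recent PM3 open.
            if image not in ALLOWED_CHILDREN:
                findings.append((ev["ts"], f"unexpected child process {image}", recent))
        elif ev["type"] == "proc_crash" and image == DESIGNER_IMAGE and recent:
            findings.append((ev["ts"], "designer crashed after PM3 open", recent))
        elif ev["type"] == "net_connect" and recent:
            findings.append((ev["ts"], f"outbound connection to {ev['dest']}", recent))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Populate `ALLOWED_CHILDREN` from a baseline of the application's normal behaviour before alerting on the child-process finding.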

Compensating Controls: If immediate patching is not feasible, implement the following controls:

  • Use application whitelisting to prevent unauthorized executables from running.
  • Restrict user permissions to limit the impact of a potential compromise.
  • Implement network segmentation to isolate vulnerable workstations from critical OT assets.
  • Educate users on the risks of opening unsolicited PM3 files from untrusted sources.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high severity rating and the potential for remote code execution, this vulnerability poses a significant risk to the organization. We strongly recommend that the vendor-supplied patches be deployed as a top priority. Although this CVE is not currently on the CISA KEV list, its impact warrants immediate attention. If patching is delayed, the compensating controls listed above must be implemented without delay to reduce the attack surface and mitigate risk.