CVE-2025-7229

INVT · INVT Multiple Products


Executive summary

A high-severity vulnerability has been discovered in multiple INVT products, which could allow an attacker to take full control of an affected system. By tricking a user into opening a specially crafted project file, an attacker can execute malicious code, potentially leading to data theft, system compromise, or disruption of industrial operations. Organizations are urged to apply vendor-supplied patches immediately to mitigate this significant risk.

Vulnerability

This vulnerability is an out-of-bounds write that occurs when the INVT VT-Designer software parses a malicious PM3 project file. An attacker can create a PM3 file with specific malformed data that, when opened by a user, causes the application to write data outside of its intended memory buffer. This memory corruption can be leveraged by the attacker to crash the application (Denial of Service) or, more critically, to execute arbitrary code on the user's system with the same privileges as the application.

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.8. Successful exploitation could grant an attacker complete control over the compromised workstation or server. This could lead to severe business consequences, including the theft of sensitive intellectual property, deployment of ransomware, lateral movement across the network to compromise other critical assets, or direct manipulation of Industrial Control Systems (ICS) managed by the software. The primary risk is remote code execution, which poses a direct threat to data confidentiality, integrity, and system availability.

Remediation

Immediate Action: Identify all systems running the vulnerable INVT software and apply the vendor-provided security patches immediately. Priority must be given to internet-facing systems and workstations used by engineers or operators who may receive PM3 files from external sources. After patching, monitor systems for any signs of compromise that may have occurred prior to remediation.

Proactive Monitoring: Enhance monitoring and logging on systems running INVT software. Security teams should look for logs indicating application crashes related to file parsing, attempts to open malformed PM3 files, and any unusual outbound network connections or child processes originating from the INVT application. Endpoint Detection and Response (EDR) tools should be configured to alert on such suspicious behavior.
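The monitoring guidance above, sketched as an added example (not vendor or advisory code): it flags a crash shortly after a PM3 open, unexpected child processes, and non-internal outbound connections from the INVT application. Assumptions: the executable name is a placeholder, the event schema is a hypothetical normalization of Sysmon IDs 1 (process create) and 3 (network connection) and Application Error ID 1000, and all sample events are constructed.

```python
import ipaddress
from pathlib import PureWindowsPath

# Assumption: placeholder name; the advisory does not give the executable name.
INVT_IMAGE = "vtdesigner-placeholder.exe"
EXPECTED_CHILDREN = set()   # assumption: helpers the tool legitimately spawns
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CRASH_WINDOW = 300          # seconds between a PM3 open and a crash to correlate

def _base(path):
    """Lower-cased file name of a Windows path ('' if missing)."""
    return PureWindowsPath(path or "").name.lower()

def detect(events):
    """Return (ts, host, rule, detail) alerts from normalized endpoint events."""
    alerts, last_pm3 = [], {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        host, eid = e["host"], e["id"]
        image, parent = _base(e.get("image")), _base(e.get("parent"))
        if eid == 1 and image == INVT_IMAGE:
            if ".pm3" in e.get("cmdline", "").lower():   # project file opened
                last_pm3[host] = (e["ts"], e["cmdline"])
        elif eid == 1 and parent == INVT_IMAGE and image not in EXPECTED_CHILDREN:
            alerts.append((e["ts"], host, "unexpected_child", image))
        elif eid == 3 and image == INVT_IMAGE:
            dest = ipaddress.ip_address(e["dest_ip"])
            if not any(dest in net for net in INTERNAL_NETS):
                alerts.append((e["ts"], host, "outbound_connection", e["dest_ip"]))
        elif eid == 1000 and image == INVT_IMAGE:        # application crash
            opened = last_pm3.get(host)
            if opened and e["ts"] - opened[0] <= CRASH_WINDOW:
                alerts.append((e["ts"], host, "crash_after_pm3_open", opened[1]))
    return alerts

APP = "C:\\Apps\\" + INVT_IMAGE      # constructed install path
EXPLORER = "C:\\Windows\\explorer.exe"
# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"ts": 10, "host": "eng-ws1", "id": 1, "image": APP, "parent": EXPLORER,
     "cmdline": INVT_IMAGE + ' "C:\\Users\\op\\Downloads\\line4.pm3"'},
    {"ts": 12, "host": "eng-ws1", "id": 1000, "image": APP},
    {"ts": 503, "host": "eng-ws2", "id": 1, "parent": APP,
     "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe"},
    {"ts": 504, "host": "eng-ws2", "id": 3, "image": APP, "dest_ip": "203.0.113.7"},
    {"ts": 900, "host": "eng-ws3", "id": 3, "image": APP, "dest_ip": "10.0.5.20"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Populate EXPECTED_CHILDREN and INTERNAL_NETS from a baseline of your own environment before alerting on the results.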

Compensating Controls: If immediate patching is not feasible (e.g., in a 24/7 operational environment), implement the following controls:

  • Use network segmentation to isolate systems running vulnerable software from the internet and other critical corporate networks.
  • Enforce a strict policy against opening PM3 files from untrusted or unsolicited sources, such as external emails.
  • Utilize application control or whitelisting to prevent the INVT software from executing unexpected processes.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Due to the high severity (CVSS 7.8) and the potential for remote code execution, this vulnerability requires immediate attention. It is strongly recommended that organizations prioritize the deployment of the security patches provided by INVT across all affected assets. While there is no evidence of active exploitation, the risk of future compromise is significant. Organizations should treat this as a critical threat and implement the remediation and monitoring steps outlined above to protect their operational and information technology environments.