CVE-2025-7230

INVT · INVT Multiple Products

A high-severity vulnerability has been identified in multiple INVT products, allowing for remote code execution.

Executive summary

A high-severity vulnerability has been identified in multiple INVT products, allowing for remote code execution. An attacker could exploit this by tricking a user or an automated system into processing a malicious PM3 project file, potentially leading to a complete system compromise. This could result in the disruption of industrial processes, data theft, or the installation of malicious software such as ransomware.

Vulnerability

This vulnerability is a type confusion error that occurs within the INVT VT-Designer software when it parses a specially crafted PM3 project file. A type confusion vulnerability happens when the software allocates memory for an object of one type but later accesses that memory as if it were a different, incompatible type. An attacker can create a malicious PM3 file that exploits this confusion to corrupt memory in a controlled way, ultimately leading to the execution of arbitrary code with the privileges of the user running the software. To exploit this, an attacker would need to deliver the malicious file to a target system and have it opened by the vulnerable software.

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.8. Successful exploitation could have a severe business impact, particularly given that INVT products are often used in Industrial Control Systems (ICS) and Operational Technology (OT) environments. A complete system takeover could lead to the disruption or shutdown of critical industrial processes, causing operational downtime and financial loss. Furthermore, an attacker could steal sensitive intellectual property, install ransomware to extort the organization, or use the compromised host as a pivot point to move laterally across the corporate and OT networks, escalating the scope of the breach.

Remediation

Immediate Action: The primary remediation is to apply the security patches provided by INVT immediately. Priority should be given to any systems that are internet-facing or otherwise exposed to untrusted networks. After patching, it is critical to monitor for any signs of exploitation attempts that may have occurred prior to the patch and to review system and application access logs for any suspicious activity related to the vulnerable software.

Proactive Monitoring: Implement enhanced monitoring on systems running INVT software. Security teams should look for abnormal application behavior or crashes related to the VT-Designer software, especially when processing PM3 files. Monitor network traffic for unusual outbound connections from these systems, which could indicate a command-and-control (C2) channel. On the host level, monitor for the creation of unexpected files, processes, or scheduled tasks that could signify a successful compromise.
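One way to turn the host-level monitoring above into a rule set, as an added example that is not INVT's or this advisory's own code: a small Python script that runs over constructed JSON-lines endpoint telemetry and flags crashes of VT-Designer, interpreters or scheduling tools it spawns, and executable files it writes. The image name `vt-designer.exe`, the event field names and the sample events are assumptions.

```python
import json

# Assumed image name of the VT-Designer executable (the advisory does not state it).
VTD_IMAGE = "vt-designer.exe"
# Interpreters and scheduling tools a project editor has no reason to launch.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "schtasks.exe", "certutil.exe"}
# File types whose creation by the editor would suggest a dropped payload.
DROPPED_EXTENSIONS = (".exe", ".dll", ".ps1", ".bat", ".vbs", ".js")

def _basename(path: str) -> str:
    # Lower-cased file name from a Windows or POSIX path.
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def analyse(events):
    """Return (rule, detail) findings for a list of telemetry dicts (assumed schema)."""
    findings = []
    for ev in events:
        kind = ev.get("type")
        image = _basename(ev.get("image", ""))
        if kind == "process_create":
            parent = _basename(ev.get("parent_image", ""))
            if parent == VTD_IMAGE and image in SUSPICIOUS_CHILDREN:
                findings.append(("suspicious_child", f"{VTD_IMAGE} spawned {image}"))
        elif kind == "app_crash" and image == VTD_IMAGE:
            # Crashes while handling PM3 files are the abnormal behaviour the advisory flags.
            findings.append(("crash", f"{VTD_IMAGE} crashed handling {ev.get('document', '?')}"))
        elif kind == "file_create" and image == VTD_IMAGE:
            target = ev.get("target", "")
            if target.lower().endswith(DROPPED_EXTENSIONS):
                findings.append(("unexpected_file", f"{VTD_IMAGE} wrote {target}"))
    return findings

def parse_events(text: str):
    # JSON-lines telemetry; blank lines are skipped.
    return [json.loads(line) for line in text.splitlines() if line.strip()]

# Constructed sample telemetry (not real data): one benign launch, then three indicator events.
SAMPLE_LOG = r"""
{"type":"process_create","image":"C:\\Program Files\\INVT\\VT-Designer.exe","parent_image":"C:\\Windows\\explorer.exe"}
{"type":"app_crash","image":"C:\\Program Files\\INVT\\VT-Designer.exe","document":"line3.pm3"}
{"type":"process_create","image":"C:\\Windows\\System32\\cmd.exe","parent_image":"C:\\Program Files\\INVT\\VT-Designer.exe"}
{"type":"file_create","image":"C:\\Program Files\\INVT\\VT-Designer.exe","target":"C:\\Users\\op\\AppData\\Local\\Temp\\update.exe"}
"""

def run_sample():
    return analyse(parse_events(SAMPLE_LOG))

if __name__ == "__main__":
    for rule, detail in run_sample():
        print(f"[{rule}] {detail}")
```

Feed the same three rules into whatever EDR or SIEM query language is in use; the benign launch from explorer.exe produces no finding, so the rules stay quiet under normal operator use.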

Compensating Controls: If immediate patching is not feasible due to operational constraints, implement the following compensating controls to mitigate risk:

  • Use network segmentation to isolate vulnerable systems from the internet and other non-essential parts of the corporate network.
  • Enforce strict access control policies to limit the ability of users to open PM3 files from untrusted sources like email or web downloads.
  • Deploy application whitelisting solutions to prevent the execution of any unauthorized code on the affected systems.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high-severity rating and the risk of remote code execution, we strongly recommend that organizations prioritize the remediation of this vulnerability. The primary course of action is to apply the vendor-supplied patches to all affected systems, starting with those that are most exposed or critical. Although this vulnerability is not yet listed on the CISA KEV catalog, its potential impact warrants immediate attention. If patching must be delayed, the compensating controls outlined above should be implemented without delay to reduce the attack surface and mitigate risk.