CVE-2025-7231
INVT · INVT Multiple Products
A high-severity vulnerability (CVSS 7.8) has been discovered in multiple INVT products: opening a malicious PM3 project file in VT-Designer lets an attacker execute arbitrary code on the engineering workstation.
Executive summary
A high-severity vulnerability (CVSS 7.8) has been discovered in multiple INVT products that allows arbitrary code execution. An attacker exploits it by convincing a user to open a specially crafted PM3 project file in the VT-Designer engineering software; the attacker's code then runs with the privileges of that user on the affected workstation, which amounts to full control of the machine if the user has local administrator rights. From there the attacker can steal sensitive design data, disrupt operations and move further into the network.
Vulnerability
The vulnerability is in the INVT VT-Designer software's parser for PM3 project files, which does not properly validate the file's contents. When a user opens a maliciously crafted PM3 file, the parser performs an out-of-bounds write in the application's memory. A threat actor can use this memory corruption to overwrite program data or control-flow information and execute arbitrary code with the same privileges as the user running VT-Designer. Exploitation requires user interaction: the victim must open the malicious file, which is typically delivered as an email attachment or downloaded from a compromised or look-alike source. No network service is involved, so the attack surface is every workstation on which PM3 files are opened, not only systems reachable from the internet.
Business impact
This vulnerability is rated as High severity with a CVSS score of 7.8. Successful exploitation could have a severe business impact, particularly for organizations in the industrial and manufacturing sectors. An attacker gaining control of an engineering workstation could steal valuable intellectual property, such as proprietary project designs and schematics. Furthermore, a compromised workstation could serve as a pivot point to attack the broader Operational Technology (OT) network, potentially leading to the manipulation or disruption of industrial control systems and physical processes.
Remediation
Immediate Action: Apply the security updates provided by INVT as soon as possible. Because the flaw is triggered by opening a file, prioritize the workstations on which engineers and operators actually open PM3 projects rather than systems that happen to be internet-facing, and confirm the installed VT-Designer version against the fixed version INVT publishes before treating a workstation as patched. Until patching is complete, quarantine PM3 files arriving from untrusted external sources at the email gateway and web proxy. Inspect inside archives when doing so, since a blocked extension is trivially hidden in a ZIP, and keep an exception for internal engineering mail so the control does not break legitimate project exchange.
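The interim gateway control above, as an added example that is not code from the advisory, from INVT, or from any mail gateway product. It assumes the gateway hands the filter the envelope sender and each attachment as a (filename, bytes) pair; the trusted domain, sender addresses and attachment contents are constructed. The sender domain is only meaningful after the gateway has verified SPF/DKIM/DMARC alignment, otherwise it is attacker-chosen.

```python
"""Quarantine PM3 project files from untrusted external senders, including
ones nested inside ZIP archives, while allowing internal engineering mail.

Added example, not from the advisory or from INVT. The domain, senders and
attachments below are constructed test data.
"""
import io
import ntpath
import zipfile
from typing import List, Tuple

TRUSTED_DOMAINS = {"plant.example"}        # constructed: internal engineering domain
BLOCKED_EXTENSIONS = {".pm3"}              # project-file extension named in the advisory
MAX_ARCHIVE_DEPTH = 3                      # how many nested ZIP levels to look inside
MAX_MEMBER_BYTES = 50 * 1024 * 1024        # refuse to inflate larger members (zip bombs)


def _ext(name: str) -> str:
    return ntpath.splitext(name)[1].lower()


def blocked_members(filename: str, data: bytes, depth: int = 0) -> List[str]:
    """Return the names of this attachment and of any ZIP members (recursively)
    whose extension is blocked. Nested names are written outer.zip!inner.pm3."""
    hits: List[str] = []
    if _ext(filename) in BLOCKED_EXTENSIONS:
        hits.append(filename)
    if depth >= MAX_ARCHIVE_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                # Too large to inspect safely: fail closed rather than trust it.
                hits.append(f"{filename}!{info.filename} (uninspected)")
                continue
            inner = zf.read(info)
            hits.extend(f"{filename}!{h}"
                        for h in blocked_members(info.filename, inner, depth + 1))
    return hits


def decide(sender: str, attachments: List[Tuple[str, bytes]]) -> Tuple[str, List[str]]:
    """Policy decision for one message: ('allow' | 'quarantine', matched names).
    Internal senders are allowed but the match list is returned for logging."""
    domain = sender.rsplit("@", 1)[-1].lower()
    hits = [h for name, data in attachments for h in blocked_members(name, data)]
    if not hits:
        return "allow", hits
    if domain in TRUSTED_DOMAINS:
        return "allow", hits
    return "quarantine", hits


def _zip_with(members: dict) -> bytes:
    """Build an in-memory ZIP for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed messages, not real mail.
SAMPLES = {
    "external_zip": ("vendor@attacker.example",
                     [("line3_update.zip",
                       _zip_with({"line3.pm3": b"PM3 bytes", "readme.txt": b"open me"}))]),
    "internal_pm3": ("alice@plant.example", [("line3.pm3", b"PM3 bytes")]),
    "external_pdf": ("sales@supplier.example", [("quote.pdf", b"%PDF-1.4")]),
}

if __name__ == "__main__":
    for label, (sender, atts) in SAMPLES.items():
        print(label, decide(sender, atts))
```

The oversized-member branch fails closed on purpose: an archive the gateway cannot afford to inflate is reported as a hit rather than silently passed, which is the same posture a real content filter should take.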
Proactive Monitoring: Security teams should monitor for exploitation attempts. Review Windows Application Error events (Event ID 1000) and EDR crash telemetry for VT-Designer crashes, which most often indicate a failed attempt, since a successful exploit usually keeps the application running. Alert on suspicious child processes of VT-Designer, such as command interpreters, script hosts and other living-off-the-land binaries, because a project-file parser has no legitimate reason to launch them. Scrutinize network logs for unusual outbound connections from workstations running the affected software, and record which PM3 files arrived by email or download so that a crash can be tied back to the file that caused it.
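The two endpoint indicators above (VT-Designer crashes and suspicious child processes of VT-Designer) turned into triage logic, as an added example that is not code from the advisory, from INVT or from any EDR vendor. It assumes Sysmon-style process-creation records (EventID 1) and Windows Application Error records (EventID 1000) already normalized to dictionaries, and it assumes the VT-Designer executable is named VT-Designer.exe, which is not stated in the advisory and should be checked on an installed workstation. The telemetry and install path are constructed.

```python
"""Offline triage of endpoint telemetry for CVE-2025-7231 indicators:
VT-Designer crashes and suspicious child processes of VT-Designer.

Added example, not from the advisory, from INVT or from any EDR product.
Assumptions: Sysmon-style EventID 1 and Windows Application Error EventID 1000
records, and an executable name of VT-Designer.exe (verify on a real install).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional
import ntpath

VT_DESIGNER_IMAGE = "vt-designer.exe"   # assumed executable name, see docstring

# Interpreters and LOLBins a project-file parser has no reason to launch.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# A crash followed by a suspicious spawn on the same host inside this window
# reads as a failed attempt followed by a successful one.
CORRELATION_WINDOW = timedelta(minutes=30)


@dataclass(frozen=True)
class Finding:
    host: str
    rule: str
    when: datetime
    detail: str


def _image_name(path: Optional[str]) -> str:
    """Lower-cased file name from a Windows path, e.g. 'C:\\...\\cmd.exe' -> 'cmd.exe'."""
    return ntpath.basename(path or "").lower()


def check_event(evt: dict) -> Optional[Finding]:
    """Apply the two per-event rules; return a Finding or None."""
    when = datetime.fromisoformat(evt["ts"])
    host = evt["host"]
    if evt["EventID"] == 1:   # process creation
        if _image_name(evt.get("ParentImage")) != VT_DESIGNER_IMAGE:
            return None
        child = _image_name(evt.get("Image"))
        if child in SUSPICIOUS_CHILDREN:
            return Finding(host, "vtdesigner_suspicious_child", when,
                           f"{child}: {evt.get('CommandLine', '')}")
        return None
    if evt["EventID"] == 1000:   # Application Error
        if _image_name(evt.get("FaultingApplication")) == VT_DESIGNER_IMAGE:
            return Finding(host, "vtdesigner_crash", when,
                           f"faulting module {evt.get('FaultingModule', '?')}")
    return None


def triage(events: List[dict]) -> List[Finding]:
    """Run the per-event rules, then add one correlated finding for every
    suspicious spawn preceded by a crash on the same host within the window."""
    findings = [f for f in (check_event(e) for e in events) if f]
    by_host: Dict[str, List[Finding]] = {}
    for f in findings:
        by_host.setdefault(f.host, []).append(f)
    correlated: List[Finding] = []
    for host, fs in by_host.items():
        crashes = [f for f in fs if f.rule == "vtdesigner_crash"]
        for s in (f for f in fs if f.rule == "vtdesigner_suspicious_child"):
            prior = [c for c in crashes if c.when <= s.when <= c.when + CORRELATION_WINDOW]
            if prior:
                correlated.append(Finding(host, "vtdesigner_crash_then_exec", s.when,
                                          f"crash at {prior[-1].when.isoformat()} then {s.detail}"))
    return sorted(findings + correlated, key=lambda f: (f.when, f.rule))


# Constructed telemetry, not real logs. ENG-WS01 crashes and then spawns cmd.exe
# from VT-Designer; ENG-WS02 only shows a normal launch and a benign child.
SAMPLE_EVENTS = [
    {"ts": "2025-07-10T09:01:12", "host": "ENG-WS01", "EventID": 1000,
     "FaultingApplication": "VT-Designer.exe", "FaultingModule": "VT-Designer.exe"},
    {"ts": "2025-07-10T09:03:40", "host": "ENG-WS01", "EventID": 1,
     "ParentImage": r"C:\Program Files (x86)\INVT\VT-Designer\VT-Designer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c powershell -w hidden -enc <constructed>"},
    {"ts": "2025-07-10T09:05:02", "host": "ENG-WS02", "EventID": 1,
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files (x86)\INVT\VT-Designer\VT-Designer.exe",
     "CommandLine": r'"VT-Designer.exe" D:\projects\line3.pm3'},
    {"ts": "2025-07-10T09:06:30", "host": "ENG-WS02", "EventID": 1,
     "ParentImage": r"C:\Program Files (x86)\INVT\VT-Designer\VT-Designer.exe",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.when.isoformat()} {f.host} {f.rule}: {f.detail}")
```

The child-process rule is deliberately a short denylist rather than "any child of VT-Designer", because engineering tools do spawn helpers during normal use; tune the set against a baseline from your own workstations before alerting on it.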
Compensating Controls: If immediate patching is not feasible, implement compensating controls. Restrict VT-Designer use to authorized personnel and run it under non-administrative accounts, since the injected code inherits the user's privileges and a standard user account limits what a compromise can do. Enforce application control (allow-listing) so that payloads dropped by an exploit cannot execute. Isolate workstations running the vulnerable software from the general corporate network and the internet, permitting only the OT connections they need.
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the High severity rating (CVSS 7.8) and the risk of arbitrary code execution, we strongly recommend that all affected organizations prioritize deployment of the vendor-supplied patches. The potential for an attacker to compromise engineering workstations and pivot into sensitive OT networks presents a significant risk. This CVE is not currently listed on the CISA KEV list, but malicious project files are an established route into engineering workstations, so it should be treated as exploitable now rather than waiting for evidence of exploitation in the wild. Organizations that cannot patch immediately must apply the recommended compensating controls and enhance monitoring to detect and respond to exploitation attempts.