Severity
Medium
Analysis Summary
The uncontrolled search path element vulnerability allows an attacker to load and execute a malicious file from the ux32w.dll in third-party component Sentinel UltraPro.
Impact
Load and execute malicious file
Affected Products
InduSoft Web Studio versions prior to v8.1 SP3
InTouch Edge HMI versions prior to 2017 Update 3
Remediation
Vendor recommends that users upgrade to the latest versions located the following links.
InduSoft Web Studio v8.1 SP3
http://download.indusoft.com/81.3.0/IWS81.3.0.zip
InTouch Edge HMI 2017 Update 3
https://softwaresupportsp.schneider-electric.com/#/producthub/details?id=52354