"Vulnerabilities in two applications widely used by manufacturers and power plant operators may have given hackers a foothold in America’s critical infrastructure, prior to being discovered by a Maryland-based cybersecurity firm. Tenable announced Wednesday that flaws in two human-machine interface (HMI) tools developed by Schneider Electric, a global energy management and automation company, are being fixed after Tenable’s researchers discovered that remote attackers could easily access the tools. Specifically, Schneider’s InduSoft Web Studio, which is used for real-time operations management in the production of oil and gas, among various other industries, and InTouch Machine Edition, human-machine interface SCADA software, were both affected, according to Tenable. Schneider, which has issued software patches to address the problem, did not immediately respond to a request for comment..." https://gizmodo.com/critical-flaws-in-industrial-software-left-us-infrastru-1825699778