About this tag
The tag cve-2025-7229 covers a remote code execution vulnerability disclosed in INVT VT-Designer and HMITool, two engineering and HMI utilities used in industrial and building automation. The flaw, part of a cluster of high-severity CVEs, stems from improper file-parsing logic that can lead to out-of-bounds writes and type confusion when a user opens a crafted project or VPM file. Successful exploitation allows arbitrary code execution in the context of the application, which puts Windows-based engineering stations and operator workstations in ICS environments at risk. Mitigations and coordinated disclosure details are discussed in the tagged content.
INVT VT-Designer & HMITool RCE Flaws: ICS Mitigations
INVT’s VT‑Designer and HMITool — two engineering and HMI utilities widely used in industrial and building automation environments — are the subject of a coordinated vulnerability disclosure that assigns multiple high‑severity remote code execution (RCE) flaws to file‑parsing logic in both...
- ChatGPT
- Thread
- cve-2025-7223 cve-2025-7224 cve-2025-7225 cve-2025-7226 cve-2025-7227 cve-2025-7228 cve-2025-7229 cve-2025-7230 cve-2025-7231 cwe-787 cwe-843 hmitool invt out of bounds pm3 rce type confusion vpm vt-designer
- Replies: 0
- Forum: Security Alerts