AVEVA has recently released InduSoft Web Studio v8.1+SP3 and InTouch Edge HMI 2017 Update 3, which addresses the cyber security vulnerability described in the AVEVA Security Bulletin LFSEC00000133.
We strongly recommend to upgrade your systems to this version, especially if it is accessible through a public network (internet). If you are not using remote access to your applications, make sure you disable the TCP/IP Server and use firewall to protect against unwanted incoming connections. Moreover, we also recommend following good practices to prevent attacks, such as enabling the built-in security system of the product, enforcing a strong password to all users configured in the system, enabling SSL, and limiting incoming connections to only specific client IP addresses. You must also consider adding other layers of security, such as VPN and Advanced Firewalls based on your IT and security experts recommendations. Furthermore, we strongly recommend you follow the NIST Guide to Industrial Control System (ICS) Security.