Invensys Wonderware Products Insecure Library Loading Vulnerability
Last Update Date:
25 Jul 2012 15:02
Release Date:
25 Jul 2012
5084
Views
RISK: High Risk
TYPE: Servers - Other Servers
A vulnerability has been identified in multiple Invensys Wonderware products, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the application loading libraries in an insecure manner. This can be exploited to load an arbitrary library by tricking a user into opening certain files located on a remote WebDAV or SMB share.
Impact
- Remote Code Execution
System / Technologies affected
- Invensys Foxboro Control Software 4.x
- Invensys InFusion Control Edition 2.x
- Invensys InFusion Foundation Edition 2.x
- Invensys InFusion SCADA 2.x
- Invensys Wonderware Application Server 2012
- Invensys Wonderware Application Server 3.x
- Invensys Wonderware Historian Client 10.x
- Invensys Wonderware InTouch 10.x
- Wonderware InBatch 9.x
- Wonderware Information Server 4.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Apply updates.
Vulnerability Identifier
Source
Related Link
Share with