Invensys Wonderware Products Insecure Library Loading Vulnerability

Last Update Date: 25 Jul 2012 15:02 Release Date: 25 Jul 2012 4945 Views

RISK: High Risk

High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in multiple Invensys Wonderware products, which can be exploited by malicious people to compromise a user's system.

 

The vulnerability is caused due to the application loading libraries in an insecure manner. This can be exploited to load an arbitrary library by tricking a user into opening certain files located on a remote WebDAV or SMB share.

Impact

  • Remote Code Execution

System / Technologies affected

  • Invensys Foxboro Control Software 4.x
  • Invensys InFusion Control Edition 2.x
  • Invensys InFusion Foundation Edition 2.x
  • Invensys InFusion SCADA 2.x
  • Invensys Wonderware Application Server 2012
  • Invensys Wonderware Application Server 3.x
  • Invensys Wonderware Historian Client 10.x
  • Invensys Wonderware InTouch 10.x
  • Wonderware InBatch 9.x
  • Wonderware Information Server 4.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Apply updates.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Siemens SIMATIC STEP 7 / PCS 7 Insecure Library Loading Vulnerability

25 Jul 2012 5216 Views

Next

ISC BIND Multiple Vulnerabilities

26 Jul 2012 4868 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY