Skip to main content

Invensys Wonderware Products Insecure Library Loading Vulnerability

Last Update Date: 25 Jul 2012 15:02 Release Date: 25 Jul 2012 5084 Views

RISK: High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in multiple Invensys Wonderware products, which can be exploited by malicious people to compromise a user's system.

 

The vulnerability is caused due to the application loading libraries in an insecure manner. This can be exploited to load an arbitrary library by tricking a user into opening certain files located on a remote WebDAV or SMB share.


Impact

  • Remote Code Execution

System / Technologies affected

  • Invensys Foxboro Control Software 4.x
  • Invensys InFusion Control Edition 2.x
  • Invensys InFusion Foundation Edition 2.x
  • Invensys InFusion SCADA 2.x
  • Invensys Wonderware Application Server 2012
  • Invensys Wonderware Application Server 3.x
  • Invensys Wonderware Historian Client 10.x
  • Invensys Wonderware InTouch 10.x
  • Wonderware InBatch 9.x
  • Wonderware Information Server 4.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Apply updates.

Vulnerability Identifier


Source


Related Link