Cyber Security Updates 

Date | Notice Identification Number | Security Vulnerability Description | Detailed Information

 June 30, 2014

LFSEC000000100

Tableau OpenSSL Vulnerabilities

Potential security vulnerabilities have been discovered in multiple versions of the OpenSSL library used by the Tableau Desktop/Server software previously posted on WDN. Tableau Software has released a new product install that addresses these security vulnerabilities.

 Tableau OpenSSL Vulnerability (LFSEC000000100)

 April 21, 2014

 LFSEC00000098

Tableau OpenSSL Vulnerability

A vulnerability has been discovered in the OpenSSL library used by certain versions of Tableau Software Server Components previously posted on WDN. Tableau Software has released security patches for the affected versions.

 Tableau OpenSSL Vulnerability (LFSEC00000098)

 September 20, 2013

 LFSEC00000081

Invensys Wonderware InTouch Improper Input Validation Vulnerability

Positive Technologies has discovered a vulnerability in the InTouch 2012 R2 HMI product; the vulnerability also exists in all previous versions. This vulnerability, if exploited, could allow attackers to access local resources (files and internal resources) or enable denial of service attacks. The rating is High, and exploitation may require social engineering.

 Invensys Wonderware InTouch Improper Input Validation Vulnerability (LFSEC00000081)

 April 10, 2013

 LFSEC00000091

Multiple Vulnerabilities in Wonderware Information Server

In coordination with independent researchers Timur Yunusov, Alexey Osipov, and Ilya Karpov of the Positive Technologies Research Team, Invensys has performed a security update of the Wonderware Information Server (WIS) web pages and components to address multiple vulnerabilities, including cross-site scripting, file system access, XML entity injection, and blind SQL injection.

 Multiple Vulnerabilities in Wonderware Information Server (LFSEC00000091)

 March 1, 2013

 LFSEC00000086

WIN-XML Exporter Improper Input Validation Vulnerability

A vulnerability has been discovered in the WIN-XML Exporter component of Wonderware Information Server. This vulnerability, if exploited, could allow attackers to access local resources (files and internal resources) or enable denial of service attacks.

WIN-XML Exporter Improper Input Validation Vulnerability (LFSEC00000086)

Download the Microsoft File Checksum Integrity Verifier (FCIV) Utility

 February 21, 2013

 LFSEC00000090

Improper Input Validation in Ruby on Rails

A vulnerability has been discovered in Ruby on Rails, which is used in the Tableau Server software components distributed with Wonderware Intelligence Software versions up to 1.5 SP1. This vulnerability, if exploited, allows remote attackers to bypass intended database query restrictions, which can result in complete takeover of the host machine.

 Improper Input Validation in Ruby on Rails (LFSEC00000090)

 November 28, 2012

 LFSEC00000080

Weak Encryption for InTouch Passwords

A vulnerability has been discovered in the password storage mechanism for the "InTouch" Security Type. End users who have chosen "Windows Integrated" security for their InTouch applications rather than the "InTouch" option are not affected by this vulnerability.

 Weak Encryption for InTouch Passwords (LFSEC00000080)

 September 11, 2012

 LFSEC00000073

InTouch 10 DLL Hijack Vulnerability

A vulnerability has been discovered in wwClintF.dll, a common component used by InTouch and other Wonderware System Platform products. This vulnerability, if exploited, could allow an attacker to create a backdoor into the system.

 InTouch 10 DLL Hijack Vulnerability (LFSEC00000073)

 September 11, 2012

 LFSEC00000017

Directory Traversal Vulnerabilities in Application Server Bootstrap

Invensys has discovered directory traversal type vulnerabilities in three components that are installed by the Wonderware Application Server Bootstrap. If exploited, these vulnerabilities could lead to information disclosure, malicious file upload, or arbitrary code execution.

 Directory Traversal Vulnerabilities in Application Server Bootstrap (LFSEC00000017)

 May 25, 2012

 LFSEC00000038

SuiteLink SLSSVC Vulnerability

Invensys is aware that a denial of service type vulnerability, including exploit code, has been posted on the web against the Wonderware SuiteLink service. SuiteLink is a common component of the System Platform and is used to transport value, time and quality of digital I/O information, along with extensive diagnostics, with high throughput between industrial devices, third-party products and Wonderware products.

Invensys has confirmed the vulnerability exists for Wonderware products prior to the latest 2012 release and has identified mitigations for other products and prior versions.

Invensys Security Alert (LFSEC00000038): SuiteLink Cyber Security Update 2.0 SP2 is Available

ICS-CERT ALERT "ICS-ALERT-12-136-01 - Wonderware SuiteLink Unallocated Unicode String"

This alert identifies an unallocated Unicode string vulnerability.

April 2, 2012

 LFSEC00000069

Cross-Site Scripting and SQL Injection in Wonderware Information Server Pages and Memory Management Issues in Historian Client Controls

In coordination with cyber researchers Terry McCorkle and Billy Rios, Invensys has performed a security update of the Wonderware Information Server web pages to address multiple vulnerabilities including cross-site scripting and SQL-injection. In addition, memory management issues for the downloaded Historian Client controls were also addressed.

Wonderware Information Server Page and Memory Management Issues for Historian Client Security Release (LFSEC00000069)

ICS-CERT Notification - ICSA-12-062-01

 March 30, 2012

 LFSEC00000071

Security Bulletin: System Platform Buffer Overflow

Cyber researcher Celil Unuver from SignalSec Corp has discovered two heap-based buffer overflow vulnerabilities in the WWCabFile component of the Wonderware System Platform that is used by the Wonderware Application Server, InFusion (FCS), InTouch, the ArchestrA Application Object Toolkit and the Wonderware Information Server. If exploited, these vulnerabilities could lead to arbitrary code execution. The rating is Medium due to the exploit difficulty and may require social engineering.

System Platform Buffer Overflow (LFSEC00000071)

ICS-CERT Notification - ICSA-12-081-01

February 8, 2012

LFSEC00000059-61

Memory Corruption and XSS Vulnerabilities in Wonderware HMI Reports

Independent security researchers Billy Rios and Terry McCorkle have discovered memory corruption and cross-site scripting vulnerabilities in Wonderware HMI Reports 3.42.835.0304. These vulnerabilities, if exploited, could allow an attacker to compromise the host machine. The rating is High, but exploitation requires social engineering. Social engineering is when people are unknowingly manipulated into performing actions that may be detrimental to the system, for example by being asked to click an email link or download a file.

Wonderware HMI Reports Security Release (LFSEC00000059-61)

ICS-CERT Advisory - ICSA-12-039-0

ICS-CERT Advisory - ICSA-12-024-01

 December 19, 2011

 LFSEC000000067

InBatch Long String Value Buffer Overflow

 Three vulnerabilities have been discovered in the Wonderware InBatch GUIControls, BatchObjSrv and BatchSecCtrl controls. These vulnerabilities, if exploited, could allow an attacker to execute arbitrary code or cause a Denial of Service on machines with Runtime Client components of Wonderware InBatch 9.5 and older versions.

Wonderware InBatch Security Release (LFSEC000000067)

DHS / US-CERT link

Security Bulletin - LFSEC000000067

July 13, 2011 (revised October 11, 2011)

LFSEC00000012

Buffer Overflow in RDBCMI.RuntimeDB.1 and WWView ActiveX Controls

Two vulnerabilities have been discovered in the Wonderware Information Server client-side RDBCMI.RuntimeDB.1 and WWView ActiveX controls. These vulnerabilities, if exploited, could cause a stack-based buffer overflow that might allow remote code execution on client machines of Wonderware Information Server versions 3.1, 4.0, 4.0 SP1 and older versions of the product.

Wonderware Information Server Client Security Release (LFSEC00000012)

ICS-CERT Security Advisory - ICSA-11-195-01

InFusion Customer Advisory

 April 8, 2011

 LFSEC00000054

Stack-based buffer overflow in the "Label" method of the InBatch BatchField ActiveX Control

A vulnerability (stack overflow) has been discovered in the InBatch BatchField ActiveX Control. This control is installed as part of the InBatch Server and on all InBatch Runtime Clients, including when it is embedded in InTouch® and in any third-party InBatch client programs (VB or C++). In addition, this control can be used when publishing InTouch graphics in Wonderware Information Server.

ICS-CERT Security Notification

April 8, 2011 - LFSEC00000054

Tech Alert 141

February 18, 2011 (revision)

 LFSEC00000051

Server lm_tcp buffer overflow

 A vulnerability has been discovered in InBatch Server and I/A Batch Server in all supported versions of Wonderware InBatch and Foxboro I/A Series Batch. This vulnerability, if exploited, could allow Denial of Service (DoS), the consequence of which is a crash of the InBatch Server.

 February 18, 2011 - LFSEC00000051

March 3, 2011 - ICS CERT Notification Update

 

July 2010

LFSEC00000037

Wonderware ArchestrA ConfigurationAccessComponent ActiveX Stack Overflow

A vulnerability has been discovered in a component used by the Wonderware ArchestrA IDE (Integrated Development Environment) and the InFusion IEE (Integrated Engineering Environment) in all supported versions of Wonderware Application Server and InFusion Application Environment, with the exception of the latest release, Wonderware Application Server 3.1 Service Pack 2 Patch 01 (WAS 3.1 SP2 P01).

July 2010 - LFSEC00000037

US-CERT – VU#703189
