RSS   Vulnerabilities for 'Wonderware intouch'   RSS

2013-10-13
 
CVE-2012-4709

CWE-119
 

 
Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

 
2012-12-18
 
CVE-2012-4693

CWE-310
 

 
Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file.

 

 >>> Vendor: Invensys 20 Products
Intouch
Wonderware application server
Wonderware archestra configuration access component activex control
Foxboro i/a series batch
Wonderware inbatch
Wonderware information server
Wonderware hmi reports
Archestra application object toolkit
Foxboro control software
Infusion control edition
Infusion foundation edition
Infusion scada
Dasabcip
Daserver runtime components
Dassidirect
Intouch/wonderware application server
Infusion ce/fe/scada
Wonderware historian
Wonderware intouch
Wonderware win-xml exporter


Copyright 2024, cxsecurity.com

 

Back to Top