Cyber Security Updates

Get the latest updates and alerts on Cyber Security and Compliance from AVEVA Software.

Date

Notice Identification Number

Security Vulnerability Description

Detailed Information

October 30, 2018

LFSEC00000130

InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) – Remote Code Execution Vulnerability

AVEVA Software, LLC. (“AVEVA”) has created a security update to address vulnerabilities in:

  • InduSoft Web Studio versions prior to 8.1 SP2
  • InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2

The vulnerabilities in the TCP/IP Server Task could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime. If the TCP/IP Server Task is disabled, InduSoft Web Studio is not vulnerable.

July 20, 2018

LFSEC00000126

InTouch Access Anywhere Insecure 3rd Party Library usage

AVEVA Software, LLC. (“AVEVA”) has created a security update to address an outdated and insecure 3rd party library used in:

  • InTouch Access Anywhere 2017 Update 2 and older
The vulnerability, if exploited, could result in a Cross-Site Scripting injection and execution.

July 20, 2018

LFSEC00000129

Wonderware License Server Insecure 3rd Party component usage

AVEVA Software, LLC. (“AVEVA”) has created a security update to address an outdated and insecure 3rd party component used in:

  • Wonderware License Server 4.0.13100 and older

The vulnerability, if exploited, could result in remote code execution with administrative privileges. Wonderware License Server is delivered by Wonderware Information Server 4.0 SP1 and older and Historian Client 2014 R2 SP1 P02 and older.

July 13, 2018

LFSEC00000128

InduSoft Web Studio and InTouch Machine Edition – Remote Code Execution Vulnerability

AVEVA Software, LLC. (“AVEVA”) has created a security update to address vulnerabilities in:

  • InduSoft Web Studio v8.1 and v8.1 SP1
  • InTouch Machine Edition 2017 v8.1 and v8.1 SP1

The vulnerabilities, if exploited against the TCP/IP Server Task, could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Machine Edition runtime. If the TCP/IP Server Task is disabled, InduSoft Web Studio is not vulnerable.

July 13, 2018

LFSEC00000127

InTouch Remote Code Execution on locales that do not use a dot floating point separator

AVEVA Software, LLC. (“AVEVA”) has created a security update to address vulnerabilities in:

  • InTouch 2017 Update 2
  • InTouch 2014 R2 SP1

The vulnerabilities, if exploited on operating system locales that do not use a dot floating point separator, could allow an unauthenticated user to remotely execute code with the same privileges as those of the InTouch View process.

April 6, 2018

LFSEC00000125

InduSoft Web Studio and InTouch Machine Edition – Remote Code Execution Vulnerability

Schneider Electric Software, LLC (“Schneider Electric”) has created a security update to address vulnerabilities in:

  • InduSoft Web Studio v8.1 and prior versions
  • InTouch Machine Edition 2017 v8.1 and prior versions

November 9, 2017

LFSEC00000124

 InduSoft Web Studio and InTouch Machine Edition – Remote Code Execution Vulnerability

Security Vulnerability Description: Schneider Electric Software, LLC (“Schneider Electric”) has created a security update to address vulnerabilities in:

  • InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions
  • InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions

The vulnerabilities, if exploited, could allow an un-authenticated malicious entity to remotely execute code with high privileges.

September 15, 2017

LFSEC00000121

 InduSoft Web Studio – Remote Arbitrary Command Execution Vulnerability

InduSoft by Schneider Electric has created a security update to address vulnerabilities in the InduSoft Web Studio v8.0 SP2 and prior. The vulnerabilities, if exploited, could allow an un-authenticated malicious entity to remotely execute arbitrary commands with high privileges.

June 30, 2017

LFSEC00000118

 Ampla MES multiple vulnerabilities

Ampla by Schneider Electric has created a security update to address vulnerabilities in the Ampla MES versions 6.4 and prior. The vulnerabilities, if exploited, could allow a malicious entity to:

  • Compromise credentials used to connect to 3rd party databases
  • Compromise credentials of Ampla Users configured with Simple Security

June 30, 2017

LFSEC00000116

 Wonderware ArchestrA Logger multiple vulnerabilities

Wonderware by Schneider Electric has created a security update to address vulnerabilities in the Wonderware ArchestrA Logger versions 2017.426.2307.1 or prior. The vulnerabilities, if exploited, could allow a malicious entity to remotely execute arbitrary code or cause denial of service.

April 28, 2017

LFSEC00000120

 Wonderware Historian Client XML Injection Vulnerability

Wonderware by Schneider Electric has created a security update to address a vulnerability in Wonderware Historian Client 2014 R2 SP1 and prior. The vulnerability, if exploited, could allow a malicious entity to cause denial of service of trend display, or to disclose arbitrary files from the local file system to a malicious web site.

March 27, 2017

LFSEC00000114

Wonderware InTouch Access Anywhere Vulnerabilities

Wonderware by Schneider Electric has created a security update to address vulnerabilities in Wonderware InTouch Access Anywhere 2014 R2 SP1b (11.5.2) and prior versions. The vulnerabilities, if exploited, could allow a malicious entity to:

  • Perform actions on behalf of a legitimate user
  • Perform network reconnaissance
  • Gain access to resources beyond those intended with normal operation of the product

February 13, 2017

LFSEC00000119

Privilege Escalation in Tableau Server

Wonderware by Schneider Electric has made available a security update to address vulnerabilities in Tableau Server versions 7.0 to 10.1.3, as used by Wonderware Intelligence versions 2014R3 and prior. The vulnerabilities, if exploited, could allow a malicious entity to escalate their privilege to an administrator and take control over the host machine where Tableau Server is installed.

January 24, 2017

LFSEC00000115

Wonderware Historian Default Login Credentials

Wonderware Historian creates native SQL logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, SQL resources beyond those created by Wonderware Historian may be compromised as well.

January 27, 2016

LFSEC00000112

Wonderware Products Default Administrator Credentials (LFSEC00000112)

This Wonderware by Schneider Electric security advisory has been posted to address a "Default Administrator Credentials" that was posted on Github recently. Customers are advised to change any default administrator account credentials as instructed in the products' end user documentation and administrator guides. Security advisory rating is Medium.

June 18, 2015

LFSEC00000106

InTouch, AppServer, Historian, and SuiteLink Binary Planting Security Vulnerability (LFSEC00000106)

Wonderware by Schneider Electric has created a security update to address Binary Planting vulnerabilities in Wonderware System Platform 2014 R2. The vulnerabilities, if exploited, could allow malicious code execution and are given a rating of "High."

December 19, 2014

LFSEC00000104

InTouch Access Anywhere Server Security Vulnerability

Wonderware by Schneider Electric has created a security update to address a potential vulnerability in the product Wonderware InTouch Access Anywhere Server. This vulnerability, if exploited, could allow remote code execution and is given a rating of "Critical". There are no known exploits in the wild at this time.

August 18, 2014

LFSEC00000102

Multiple Vulnerabilities in Wonderware Information Server

In coordination with independent researcher Positive Technologies, Wonderware by Schneider Electric has created a security update for Wonderware Information Server (WIS) web pages and components to address multiple vulnerabilities including cross-site scripting, XML Entity injection, SQL injection, weak encryption and storage of SQL Accounts, and hard-coded credentials.

June 30, 2014

LFSEC000000100

Tableau OpenSSL Vulnerabilities (LFSEC000000100)

Potential security vulnerabilities have been discovered in multiple versions of the OpenSSL library used by Tableau Desktop/Server Software previously posted on WDN. Tableau Software has released a new product install which addresses these security vulnerabilities.

April 21, 2014

LFSEC00000098

Tableau OpenSSL Vulnerability

A vulnerability has been discovered in the OpenSSL library used by certain versions of Tableau Software Server Components previously posted on WDN. Tableau Software has released security patches for the affected versions.

September 20, 2013

LFSEC00000081

Wonderware InTouch Improper Input Validation Vulnerability

Positive Technologies have discovered a vulnerability in the InTouch 2012 R2 HMI product which exists in all previous versions. This vulnerability, if exploited, could allow attackers to access local resources (files and internal resources) or enable denial of service attacks. The rating is High and may require social engineering to exploit.

April 10, 2013

LFSEC00000091

Multiple Vulnerabilities in Wonderware Information Server

In coordination with Independent researchers Timur Yunusov, Alexey Osipov, and Ilya Karpov of the Positive Technologies Research Team, Schneider Electric Software has performed a security update of the Wonderware Information Server (WIS) web pages and components to address multiple vulnerabilities including cross-site scripting, file system access, XML Entity Injection, and blind SQL-injection.

March 1, 2013

LFSEC00000086

WIN-XML Exporter Improper Input Validation Vulnerability

A vulnerability has been discovered in the WIN-XML Exporter component of Wonderware Information Server. This vulnerability, if exploited, could allow attackers to access local resources (files and internal resources) or enable denial of service attacks.

February 21, 2013

LFSEC00000090

Improper Input Validation in Ruby on Rails

A vulnerability has been discovered in Ruby on Rails which is used in the Tableau Server Software components distributed with Wonderware Intelligence Software versions up to version 1.5 SP1. This vulnerability, if exploited, allows remote attackers to bypass intended database query restrictions which can result in complete take over on the host machine.

November 28, 2012

LFSEC00000080

Weak Encryption for InTouch Passwords

A vulnerability has been discovered in the password storage mechanism for the "InTouch" Security Type. Not affected by this vulnerability are end users who have chosen "Windows Integrated" security for their InTouch applications rather than the "InTouch" option.

September 11, 2012

LFSEC00000073

InTouch 10 DLL Hijack Vulnerability

A vulnerability has been discovered in wwClintF.dll, a common component used by InTouch and other Wonderware System Platform products. This vulnerability, if exploited, could result in an attacker creating a back door into the system.

September 11, 2012

LFSEC00000017

Directory Traversal Vulnerabilities in Application Server Bootstrap

Schneider Electric Software has discovered directory traversal type vulnerabilities in three components that are installed by the Wonderware Application Server Bootstrap. If exploited, these vulnerabilities could lead to information disclosure, malicious file upload, or arbitrary code execution.

May 25, 2012

LFSEC00000038

SuiteLink SLSSVC Vulnerability

Schneider Electric Software is aware that a denial of service type vulnerability, including exploit code has been posted on the web against the Wonderware Suitelink service, which is a common component of the System Platform and used to transport value, time and quality of digital I/O information and extensive diagnostics with high throughput between industrial devices, 3rd party and Wonderware products.Schneider Electric Software has confirmed the vulnerability exists for Wonderware products prior to the latest 2012 release and has identified mitigations for other products and prior versions.

April 2, 2012

LFSEC00000069

Cross-Site Scripting and SQL Injection in Wonderware Information Server pages and Memory Management issues in Historian Client controls.

In coordination with cyber researchers Terry McCorkle and Billy Rios, Schneider Electric Software has performed a security update of the Wonderware Information Server web pages to address multiple vulnerabilities including cross-site scripting and SQL-injection. In addition, memory management issues for the downloaded Historian Client controls were also addressed.

March 30, 2012

LFSEC00000071

Security Bulletin System Platform Buffer Overflow

Cyber researcher Celil Unuver from SignalSec Corp has discovered two heap-based buffer overflow vulnerabilities in the WWCabFile component of the Wonderware System Platform that is used by the Wonderware Application Server, InFusion (FCS), InTouch, the ArchestrA Application Object Toolkit and the Wonderware Information Server. If exploited, these vulnerabilities could lead to arbitrary code execution. The rating is Medium due to the exploit difficulty and may require social engineering.

February 8, 2012

LFSEC00000059-61

Memory corruption and XXS Vulnerabilities in Wonderware HMI Reports

Independent security researchers Billy Rios and Terry McCorkle have discovered memory corruption and cross site scripting vulnerabilities in Wonderware HMI Reports 3.42.835.0304. These vulnerabilities, if exploited, could allow an attacker to compromise the host machine. The rating is high but requires social engineering to exploit. Social engineering is when people are unknowingly manipulated to perform certain actions that may be detrimental to the system. For example, asking an end-user to click on an email link or download a file.

December 19, 2011

LFSEC000000067

InBatch Long String Value Buffer Overflow

Three vulnerabilities have been discovered in the Wonderware InBatch GUIControls, BatchObjSrv and BatchSecCtrl controls. These vulnerabilities, if exploited, could allow an attacker to execute arbitrary code or cause a Denial of Service on machines with Runtime Client components of Wonderware InBatch 9.5 and older versions.

July 13, 2011 (revised) October 11, 2011

LFSEC00000012

Buffer Overflow in RDBCMI.RuntimeDB.1 and WWView Active X Controls

Two vulnerabilities have been discovered in the Wonderware Information Server client side RDBCMI.RuntimeDB.1 and WWView ActiveX controls. These vulnerabilities, if exploited, could cause a stack based buffer overflow that might allow remote code execution on client machines of Wonderware Information Server versions 3.1, 4.0, 4.0 SP1 and older versions of the product.

April 8, 2011

LFSEC00000054

Stack Based buffer overflow in the "Label" method, in the InBatch BatchField ActiveX Control

A vulnerability (Stack overflow) has been discovered in the InBatch BatchField ActiveX Control. This control is installed as part of the InBatch Server and on all InBatch Runtime Clients, including when used embedded in InTouch® and any third party InBatch Client Programs (VB or C++). In addition, this control can be used in publishing InTouch graphics in Wonderware Information Server.

February 18, 2011 REVISION

LFSEC00000051

Server lm_tcp buffer overflow

A vulnerability has been discovered in InBatch Server and I/A Batch Server in all supported versions of Wonderware InBatch and Foxboro I/A Series Batch. This vulnerability, if exploited, could allow Denial of Service (DoS), the consequence of which is a crash of the InBatch Server

July 2010

LFSEC00000037

Wonderware ArchestrA ConfigurationAccessComponent ActiveX Stack Overflow

A vulnerability has been discovered in a component used by the Wonderware ArchestrA IDE (Integrated Development Environment) and the InFusion IEE (Integrated Engineering Environment) in all supported versions of Wonderware Application Server and InFusion Application Environment with exception of the latest, Wonderware Application Server 3.1 Service Pack 2 Patch 01 (WAS 3.1 SP2 P01).