ICSA-11-195-01
Published 2025-06-05
Wonderware Information Server
CVSS 9.3 (CRITICAL)
CVEs (1)
Remediations
- Invensys has developed a patch that fully resolves this vulnerability. This patch has been confirmed by the researchers. Customers of Invensys running vulnerable versions of Information Server can update their systems to the most recent patch release by following the steps provided by Invensys.
- In addition to applying this patch, Invensys has made additional recommendations to customers running vulnerable versions of the Information Server product:
  - Log on to the Cyber Security Updates site, where Invensys provides information and useful links related to its security updates.
  - Set the security level settings in the Internet browser to Medium-High to minimize the risk of an exploit of the vulnerability.
  - For information on how to secure industrial control systems operating in a Microsoft Windows environment, refer to the Invensys Securing Industrial Control Systems Guide (http://www.wonderware.com/support/mmi/esupport/securitycentral/documents/BestPractices/WWSecGd041707_External.pdf).
Affected Vendors
Invensys
Affected Products (3)
- Invensys Wonderware Information Server 3.1
- Invensys Wonderware Information Server 4.0
- Invensys Wonderware Information Server 4.0_SP1