Wonderware InBatch ActiveX Vulnerabilities

CVEs (1)

Remediations

• Invensys has developed software updates to address the reported vulnerabilities. Invensys recommends that customers who are running vulnerable versions of Wonderware InBatch update their systems to either InBatch 9.0 SP2 or 9.5 on all nodes that have the InBatch client runtime and the InBatch Server installed. Installation does not require a reboot. Uers can download updates from the “Software Download” section of the Invensys Customer First Support website.
• Follow the instructions in the ReadMe section for the product and component to install the software update. In addition to applying the software updates, Invensys has made additional recommendations to customers running vulnerable versions of the Invensys Wonderware InBatch product: Set the security level settings for the Internet browser to Medium−High to minimize the risk of a vulnerability exploit. Reference the Invensys Securing Industrial Control Systems Guide for additional information on securing industrial control systems operating in a Microsoft Windows environment.
• To access information related to Invensys security updates, customers can logon to the Cyber Security Updates website and the GCS Foxboro Wonderware Security Releases webpage.

Affected Vendors

Affected Products (5)