Wonderware Information Server Vulnerabilities

CVSS 9.3 CRITICAL

CVEs (4)

CVE-2013-0688 CVE-2013-0684 CVE-2013-0686 CVE-2013-0685

Invensys has developed an update to the WIS software that mitigates these vulnerabilities. The Positive Technologies Research Team has tested the update and validated that it fixes the vulnerabilities. Instructions to download and install the update are found on the Invensys download page at the following link: (https://wdn.wonderware.com/sites/WDN/Pages/Downloads/Software.aspx)
According to Invensys, any machine running one or more of the products listed above is affected and should be patched. No other components of the WIS installed products are affected. Users should install the update using instructions provided in the ReadMe file for the product and component being installed. Invensys recommends that users should set the Security level settings in the Internet browser to “Medium – High” to minimize the risks presented by these vulnerabilities.

Invensys

Invensys · WIS 4.0_SP1SP1

Invensys · WIS 4.5–Portal

Invensys · WIS 5.0–Portal

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.