ICSA-15-008-02
·
Published 2025-06-06
·
View on CISA ICS-CERT ↗
Schneider Electric Wonderware InTouch Access Anywhere Server Buffer Overflow Vulnerability
CVSS 10.0
CRITICAL
CVEs (1)
Remediations
- Schneider Electric has released a security update that mitigates the stack-based buffer overflow vulnerability in Wonderware’s InTouch Access Anywhere Server product, Versions 10.6 and 11.0. Schneider Electric’s security updates for Version 10.6 and Version 11.0 are available at the following location with a user account: (https://wdnresource.wonderware.com/tracking/confirmdownload.aspx?id=3001&url=https://wdnresource.wonderware.com/support/patchfixes/1/WW-ITAA2014P01-LFSEC104.zip&rme=https://wdnresource.wonderware.com/support/patchfixes/1/WW-ITAA2014P01-LFSEC104.txt)
- Schneider Electric has released a security bulletin titled “InTouch Access Anywhere Server Security Vulnerability, LFSEC00000104” to announce the security update, which is available at the following location: (https://gcsresource.invensys.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000104.pdf)
Affected Vendors
Schneider Electric
Affected Products (2)
Schneider Electric
·
InTouch Access Anywhere Server
10.6
Schneider Electric
·
InTouch Access Anywhere Server
11.0
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more