Schneider Electric Wonderware InTouch Access Anywhere

CVSS 8.8 HIGH

Risk Summary

ATTENTION: Remotely Exploitable/low skill level to exploit

CVE-2017-5156 CVE-2017-5158 CVE-2017-5160

Schneider Electric has released a new software version to address the identified vulnerabilities and recommends that users of affected versions upgrade to Wonderware InTouch Access Anywhere 2017 (17.0.0).
Users of Wonderware InTouch Access Anywhere can login at the following support site to download the upgrade:
Schneider Electric has issued Security Bulletin LFSEC00000114, which contains additional information:

Schneider Electric Software, LLC

Schneider Electric Software, LLC · Wonderware InTouch Access Anywhere <= 11.5.2

Critical Manufacturing, Energy, Healthcare and Public Health, and Water and Wastewater Systems

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.