Invensys Wonderware Products Multiple Vulnerabilities

by Carol~ Moderator - 4/3/12 2:28 PM

In Reply to: VULNERABILITIES / FIXES - April 03, 2012 by Carol~ Moderator

Release Date : 2012-04-03

Criticality level : Less critical
Impact : Security Bypass
Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: Invensys Wonderware Historian Client 10.x
Wonderware Information Server 4.x

Description:
Multiple vulnerabilities have been reported in Wonderware Information Server and Invensys Wonderware Historian Client, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct SQL injection attacks, bypass certain security restrictions, and compromise a vulnerable system.

1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

3) An unspecified error in client controls can be exploited to bypass certain security restrictions.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are reported in Wonderware Information Server versions 4.0 SP1 and 4.5 and Invensys Wonderware Historian Client versions prior to 10 SP3.

Solution:
Install patch. Please see original advisory for more information.

Provided and/or discovered by:
ICS-CERT credits Terry McCorkle and Billy Rios.

Original Advisory:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf

http://secunia.com/advisories/48603/