NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Impact to individual organizations depends on many factors that are unique to each organization. Successful exploitation of this vulnerability would require the victim to install and execute malicious code that could result in arbitrary code execution. Wonderware System Platform 2014 R2 and prior versions.The following Schneider Electric products are affected: Ivan Sanchez has tested the patch to validate that it resolves the vulnerability. Schneider Electric has produced a patch that mitigates this vulnerability. Ivan Sanchez of WiseSecurity Team has identified a fixed search path vulnerability in Schneider Electric’s Wonderware InTouch, Application Server, Historian, and SuiteLink applications, which are part of the Wonderware System Platform suite.
0 Comments
Leave a Reply. |