Wonderware » Intouch : Security Vulnerabilities, CVEs,
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.
Max CVSS
1.7
EPSS Score
0.04%
Published
2015-08-01
Updated
2015-08-04
The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure.
Max CVSS
5.0
EPSS Score
83.42%
Published
2008-05-06
Updated
2018-10-11
Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs.
Max CVSS
9.0
EPSS Score
0.83%
Published
2007-11-20
Updated
2024-01-25
3 vulnerabilities found