Vulnerabilities > Wonderware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-08-01 | CVE-2015-1009 | Information Exposure vulnerability in multiple products Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file. | 1.7 |
2008-05-06 | CVE-2008-2005 | Resource Management Errors vulnerability in Wonderware Intouch and Suitelink The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure. | 5.0 |
2007-11-20 | CVE-2007-6033 | Incorrect Permission Assignment for Critical Resource vulnerability in Wonderware Intouch 8.0 Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs. | 8.8 |