CVE-2022-1467: Support | Cyber Security Updates

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context escape from the application into the OS.


Get the latest updates and alerts on Cyber Security and Compliance from AVEVA Software.

Cyber researchers can report security findings to AVEVA by contacting [email protected].

Notice Identification Number

Security Vulnerability Description

AVEVA™ InTouch Access Anywhere and AVEVA™ Plant SCADA Access Anywhere – Mitigation advice to prevent escape from streamed application into OS context

Detailed Information

Notice Identification Number

AVEVA-2021-007

System Platform – Cleartext Credentials in Memory and Diagnostic Memory Dumps

Security Vulnerability Description

AVEVA Software, LLC. (“AVEVA”) has created security updates for supported versions to address vulnerabilities in AVEVA™ System Platform 2020 R2 P01 and all prior versions. The vulnerabilities could expose cleartext credentials.

Detailed Information

Notice Identification Number

AVEVA-2021-008

DLL Hijacking through Uncontrolled Search Path Element in the PCS Portal Application

Security Vulnerability Description

AVEVA Software, LLC. (“AVEVA”) has created security updates to address DLL Hijacking vulnerabilities in the Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6. The vulnerabilities, if exploited, could allow malicious code execution within the context of the PCS Portal application.

Detailed Information

Notice Identification Number

AVEVA-2021-003

SuiteLink Server – Multiple Denial of Service (DoS) Vulnerabilities and theoretical Remote Code Execution (RCE)

Security Vulnerability Description

AVEVA Software, LLC. (“AVEVA”) has created a security update to address vulnerabilities in the SuiteLink Server. The vulnerabilities, if exploited, will cause the SuiteLink Server to crash while parsing a malicious packet. Additionally, it may theoretically be possible to achieve Remote Code Execution, but no proof-of-concept exists. SuiteLink Clients are not affected by this vulnerability and do not need to be patched.

Detailed Information

Notice Identification Number

AVEVA-2021-002

System Platform - Vulnerabilities in AutoBuild Chaining to Arbitrary Code Execution or Denial of Service

Security Vulnerability Description

AVEVA Software, LLC. (“AVEVA”) has created a security update to address vulnerabilities in AutoBuild. The vulnerable AutoBuild component is present in AVEVA™ System Platform versions 2017 through 2020 R2 P01 (inclusive). The vulnerabilities, if exploited and chained together, could allow a malicious entity to execute arbitrary code with system privileges or cause a denial of service.

Detailed Information

Notice Identification Number

AVEVA-2021-001

InTouch - Cleartext Password in WindowViewer Diagnostic Memory Dumps

Security Vulnerability Description

AVEVA Software, LLC. (“AVEVA”) has created security updates for supported versions to address a vulnerability that exists in InTouch 2020 R2 and all prior versions. The vulnerability could expose cleartext credentials from InTouch Runtime (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location where an unauthorized, malicious user can access it.

Detailed Information

Notice Identification Number

AVEVA-2020-001

SQL Injection in AVEVA™ Enterprise Data Management Web (formerly eDNA Web)

Security Vulnerability Description

AVEVA Software, LLC. (“AVEVA”) has created a security update to address SQL Injection vulnerabilities in AVEVA™ Enterprise Data Management Web v2019 and all prior versions, formerly known as eDNA Web.

Detailed Information

Notice Identification Number

LFSEC00000139

IEC870IP Driver for Vijeo Citect and Citect SCADA Vulnerability: Stack-based Buffer Overflow

Security Vulnerability Description

AVEVA Software, LLC. (“AVEVA”) is publishing this bulletin to inform customers of a security vulnerability in the IEC870IP driver v4.14.02 and earlier for Vijeo Citect and Citect SCADA. The vulnerability, if exploited, could allow a buffer overflow to occur.
AVEVA recommends that organizations evaluate the impact of the vulnerability based on their operational environment, architecture, and product implementation.

Detailed Information

Notice Identification Number

LFSEC00000136

Vijeo Citect and CitectSCADA Vulnerability - Insecure Credentials Storage

Security Vulnerability Description

AVEVA Software, LLC. (“AVEVA”) is publishing this advisory to inform customers of a security vulnerability in Vijeo Citect 7.30 and 7.40 and CitectSCADA 7.30 and 7.40 versions. The vulnerability, if exploited, could allow a malicious entity to obtain the Citect User Credentials.

Detailed Information

Notice Identification Number

LFSEC00000131

InduSoft Web Studio and InTouch Edge HMI - Insecure 3rd Party Component

Security Vulnerability Description

AVEVA Software, LLC (“AVEVA”) has created a security update to address an outdated and insecure 3rd party component used in:

  • InduSoft Web Studio versions prior to 8.1 SP3
  • InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 Update 3

Detailed Information

Notice Identification Number

LFSEC00000133

InduSoft Web Studio and InTouch Edge HMI – Remote Code Execution Vulnerabilities

Security Vulnerability Description

AVEVA Software, LLC (“AVEVA”) has released a new version of InduSoft Web Studio and InTouch Edge HMI which includes a security update to address vulnerabilities in:

  • InduSoft Web Studio versions prior to 8.1 SP3
  • InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 Update 3

Detailed Information

Notice Identification Number

LFSEC00000135

Wonderware System Platform Vulnerability – Potential for Unauthorized Access to Credentials

Security Vulnerability Description

AVEVA Software, LLC. (“AVEVA”) has released a new version of System Platform which includes a security update to address vulnerabilities in Wonderware System Platform 2017 Update 2 and all prior versions.

These vulnerabilities could allow unauthorized access to the credentials for the ArchestrA Network User Account.

Detailed Information

Additional Cyber Security Updates

2018-2017

LFSEC00000134

Vijeo Citect and Citect SCADA affected by DLL Hijacking vulnerability in a 3rd party component

AVEVA Software, LLC. (“AVEVA”) has become aware of a vulnerability in a 3rd party component used within Vijeo Citect™ v7.40, Vijeo Citect 2015, Citect SCADA v7.40, Citect SCADA 2015, Citect SCADA 2016.

The vulnerability, if exploited, could result in Local Code Execution.

LFSEC00000130

InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) – Remote Code Execution Vulnerability

AVEVA Software, LLC. (“AVEVA”) has created a security update to address vulnerabilities in:

  • InduSoft Web Studio versions prior to 8.1 SP2
  • InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2

The vulnerabilities in the TCP/IP Server Task could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Edge HMI (formerly InTouch Machine Edition) runtime. If the TCP/IP Server Task is disabled, InduSoft Web Studio is not vulnerable.

LFSEC00000126

InTouch Access Anywhere Insecure 3rd Party Library usage

AVEVA Software, LLC. (“AVEVA”) has created a security update to address an outdated and insecure 3rd party library used in:

  • InTouch Access Anywhere 2017 Update 2 and older

The vulnerability, if exploited, could result in a Cross-Site Scripting injection and execution.

LFSEC00000129

Wonderware License Server Insecure 3rd Party component usage

AVEVA Software, LLC. (“AVEVA”) has created a security update to address an outdated and insecure 3rd party component used in:

  • Wonderware License Server 4.0.13100 and older

The vulnerability, if exploited, could result in remote code execution with administrative privileges. Wonderware License Server is delivered by Wonderware Information Server 4.0 SP1 and older and Historian Client 2014 R2 SP1 P02 and older.

LFSEC00000128

InduSoft Web Studio and InTouch Machine Edition – Remote Code Execution Vulnerability

AVEVA Software, LLC. (“AVEVA”) has created a security update to address vulnerabilities in:

  • InduSoft Web Studio v8.1 and v8.1 SP1
  • InTouch Machine Edition 2017 v8.1 and v8.1 SP1

The vulnerabilities, if exploited against the TCP/IP Server Task, could allow an unauthenticated user to remotely execute code with the same privileges as that of the InduSoft Web Studio or InTouch Machine Edition runtime. If the TCP/IP Server Task is disabled, InduSoft Web Studio is not vulnerable.

LFSEC00000127

InTouch Remote Code Execution on locales that do not use a dot floating point separator

AVEVA Software, LLC. (“AVEVA”) has created a security update to address vulnerabilities in:

  • InTouch 2017 Update 2
  • InTouch 2014 R2 SP1

The vulnerabilities, if exploited on operating system locales that do not use a dot floating point separator, could allow an unauthenticated user to remotely execute code with the same privileges as those of the InTouch View process.

LFSEC00000125

InduSoft Web Studio and InTouch Machine Edition – Remote Code Execution Vulnerability

Schneider Electric Software, LLC (“Schneider Electric”) has created a security update to address vulnerabilities in:

  • InduSoft Web Studio v8.1 and prior versions
  • InTouch Machine Edition 2017 v8.1 and prior versions

LFSEC00000124

InduSoft Web Studio and InTouch Machine Edition – Remote Code Execution Vulnerability

Security Vulnerability Description: Schneider Electric Software, LLC (“Schneider Electric”) has created a security update to address vulnerabilities in:

  • InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions
  • InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions

The vulnerabilities, if exploited, could allow an unauthenticated malicious entity to remotely execute code with high privileges.

LFSEC00000121

InduSoft Web Studio – Remote Arbitrary Command Execution Vulnerability

InduSoft by Schneider Electric has created a security update to address vulnerabilities in InduSoft Web Studio v8.0 SP2 and prior. The vulnerabilities, if exploited, could allow an unauthenticated malicious entity to remotely execute arbitrary commands with high privileges.

LFSEC00000118

Ampla MES multiple vulnerabilities

Ampla by Schneider Electric has created a security update to address vulnerabilities in the Ampla MES versions 6.4 and prior. The vulnerabilities, if exploited, could allow a malicious entity to:

  • Compromise credentials used to connect to 3rd party databases
  • Compromise credentials of Ampla Users configured with Simple Security

LFSEC00000116

Wonderware ArchestrA Logger multiple vulnerabilities

Wonderware by Schneider Electric has created a security update to address vulnerabilities in the Wonderware ArchestrA Logger versions 2017.426.2307.1 or prior. The vulnerabilities, if exploited, could allow a malicious entity to remotely execute arbitrary code or cause denial of service.

LFSEC00000120

Wonderware Historian Client XML Injection Vulnerability

Wonderware by Schneider Electric has created a security update to address a vulnerability in Wonderware Historian Client 2014 R2 SP1 and prior. The vulnerability, if exploited, could allow a malicious entity to cause denial of service of trend display, or to disclose arbitrary files from the local file system to a malicious web site.

LFSEC00000114

Wonderware InTouch Access Anywhere Vulnerabilities

Wonderware by Schneider Electric has created a security update to address vulnerabilities in Wonderware InTouch Access Anywhere 2014 R2 SP1b (11.5.2) and prior versions. The vulnerabilities, if exploited, could allow a malicious entity to:

  • Perform actions on behalf of a legitimate user
  • Perform network reconnaissance
  • Gain access to resources beyond those intended with normal operation of the product

LFSEC00000119

Privilege Escalation in Tableau Server

Wonderware by Schneider Electric has made available a security update to address vulnerabilities in Tableau Server versions 7.0 to 10.1.3, as used by Wonderware Intelligence versions 2014R3 and prior. The vulnerabilities, if exploited, could allow a malicious entity to escalate their privilege to an administrator and take control over the host machine where Tableau Server is installed.

LFSEC00000115

Wonderware Historian Default Login Credentials

Wonderware Historian creates native SQL logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, SQL resources beyond those created by Wonderware Historian may be compromised as well.

2016-2013

LFSEC00000112

Wonderware Products Default Administrator Credentials (LFSEC00000112)

This Wonderware by Schneider Electric security advisory has been posted to address a “Default Administrator Credentials” issue that was posted on GitHub recently. Customers are advised to change any default administrator account credentials as instructed in the products’ end user documentation and administrator guides. The security advisory rating is Medium.

LFSEC00000106

InTouch, AppServer, Historian, and SuiteLink Binary Planting Security Vulnerability (LFSEC00000106)

Wonderware by Schneider Electric has created a security update to address Binary Planting vulnerabilities in Wonderware System Platform 2014 R2. The vulnerabilities, if exploited, could allow malicious code execution and are given a rating of “High.”

LFSEC00000104

InTouch Access Anywhere Server Security Vulnerability

Wonderware by Schneider Electric has created a security update to address a potential vulnerability in the product Wonderware InTouch Access Anywhere Server. This vulnerability, if exploited, could allow remote code execution and is given a rating of "Critical". There are no known exploits in the wild at this time.

LFSEC00000102

Multiple Vulnerabilities in Wonderware Information Server

In coordination with independent researcher Positive Technologies, Wonderware by Schneider Electric has created a security update for Wonderware Information Server (WIS) web pages and components to address multiple vulnerabilities including cross-site scripting, XML Entity injection, SQL injection, weak encryption and storage of SQL Accounts, and hard-coded credentials.

LFSEC000000100

Tableau OpenSSL Vulnerabilities (LFSEC000000100)

Potential security vulnerabilities have been discovered in multiple versions of the OpenSSL library used by Tableau Desktop/Server Software previously posted on WDN. Tableau Software has released a new product install which addresses these security vulnerabilities.

LFSEC00000098

Tableau OpenSSL Vulnerability

A vulnerability has been discovered in the OpenSSL library used by certain versions of Tableau Software Server Components previously posted on WDN. Tableau Software has released security patches for the affected versions.

LFSEC00000081

Wonderware InTouch Improper Input Validation Vulnerability

Positive Technologies have discovered a vulnerability in the InTouch 2012 R2 HMI product which exists in all previous versions. This vulnerability, if exploited, could allow attackers to access local resources (files and internal resources) or enable denial of service attacks. The rating is High and may require social engineering to exploit.

LFSEC00000091

Multiple Vulnerabilities in Wonderware Information Server

In coordination with independent researchers Timur Yunusov, Alexey Osipov, and Ilya Karpov of the Positive Technologies Research Team, Schneider Electric Software has performed a security update of the Wonderware Information Server (WIS) web pages and components to address multiple vulnerabilities including cross-site scripting, file system access, XML Entity Injection, and blind SQL injection.

LFSEC00000086

WIN-XML Exporter Improper Input Validation Vulnerability

A vulnerability has been discovered in the WIN-XML Exporter component of Wonderware Information Server. This vulnerability, if exploited, could allow attackers to access local resources (files and internal resources) or enable denial of service attacks.

LFSEC00000090

Improper Input Validation in Ruby on Rails

A vulnerability has been discovered in Ruby on Rails, which is used in the Tableau Server Software components distributed with Wonderware Intelligence Software versions up to version 1.5 SP1. This vulnerability, if exploited, allows remote attackers to bypass intended database query restrictions, which can result in complete takeover of the host machine.

2012-2011

LFSEC00000080

Weak Encryption for InTouch Passwords

A vulnerability has been discovered in the password storage mechanism for the “InTouch” Security Type. Not affected by this vulnerability are end users who have chosen “Windows Integrated” security for their InTouch applications rather than the “InTouch” option.

LFSEC00000073

InTouch 10 DLL Hijack Vulnerability

A vulnerability has been discovered in wwClintF.dll, a common component used by InTouch and other Wonderware System Platform products. This vulnerability, if exploited, could result in an attacker creating a back door into the system.

LFSEC00000017

Directory Traversal Vulnerabilities in Application Server Bootstrap

Schneider Electric Software has discovered directory traversal type vulnerabilities in three components that are installed by the Wonderware Application Server Bootstrap. If exploited, these vulnerabilities could lead to information disclosure, malicious file upload, or arbitrary code execution.

LFSEC00000038

SuiteLink SLSSVC Vulnerability

Schneider Electric Software is aware that a denial of service type vulnerability, including exploit code, has been posted on the web against the Wonderware SuiteLink service, which is a common component of the System Platform and is used to transport value, time and quality of digital I/O information and extensive diagnostics with high throughput between industrial devices, 3rd party and Wonderware products. Schneider Electric Software has confirmed the vulnerability exists for Wonderware products prior to the latest 2012 release and has identified mitigations for other products and prior versions.

LFSEC00000069

Cross-Site Scripting and SQL Injection in Wonderware Information Server pages and Memory Management issues in Historian Client controls.

In coordination with cyber researchers Terry McCorkle and Billy Rios, Schneider Electric Software has performed a security update of the Wonderware Information Server web pages to address multiple vulnerabilities including cross-site scripting and SQL-injection. In addition, memory management issues for the downloaded Historian Client controls were also addressed.

LFSEC00000071

Security Bulletin System Platform Buffer Overflow

Cyber researcher Celil Unuver from SignalSec Corp has discovered two heap-based buffer overflow vulnerabilities in the WWCabFile component of the Wonderware System Platform that is used by the Wonderware Application Server, InFusion (FCS), InTouch, the ArchestrA Application Object Toolkit and the Wonderware Information Server. If exploited, these vulnerabilities could lead to arbitrary code execution. The rating is Medium due to the exploit difficulty and may require social engineering.

LFSEC00000059-61

Memory corruption and XSS Vulnerabilities in Wonderware HMI Reports

Independent security researchers Billy Rios and Terry McCorkle have discovered memory corruption and cross site scripting vulnerabilities in Wonderware HMI Reports 3.42.835.0304. These vulnerabilities, if exploited, could allow an attacker to compromise the host machine. The rating is high but requires social engineering to exploit. Social engineering is when people are unknowingly manipulated to perform certain actions that may be detrimental to the system. For example, asking an end-user to click on an email link or download a file.

LFSEC000000067

InBatch Long String Value Buffer Overflow

Three vulnerabilities have been discovered in the Wonderware InBatch GUIControls, BatchObjSrv and BatchSecCtrl controls. These vulnerabilities, if exploited, could allow an attacker to execute arbitrary code or cause a Denial of Service on machines with Runtime Client components of Wonderware InBatch 9.5 and older versions.

DHS – US-CERT LINK | Security Bulletin - LFSEC000000067

July 13, 2011 (revised) October 11, 2011

LFSEC00000012

Buffer Overflow in RDBCMI.RuntimeDB.1 and WWView ActiveX Controls

Two vulnerabilities have been discovered in the Wonderware Information Server client-side RDBCMI.RuntimeDB.1 and WWView ActiveX controls. These vulnerabilities, if exploited, could cause a stack-based buffer overflow that might allow remote code execution on client machines of Wonderware Information Server versions 3.1, 4.0, 4.0 SP1 and older versions of the product.

LFSEC00000037

Wonderware ArchestrA ConfigurationAccessComponent ActiveX Stack Overflow

A vulnerability has been discovered in a component used by the Wonderware ArchestrA IDE (Integrated Development Environment) and the InFusion IEE (Integrated Engineering Environment) in all supported versions of Wonderware Application Server and InFusion Application Environment with exception of the latest, Wonderware Application Server 3.1 Service Pack 2 Patch 01 (WAS 3.1 SP2 P01).

February 18, 2011 REVISION

LFSEC00000051

Server lm_tcp buffer overflow

A vulnerability has been discovered in InBatch Server and I/A Batch Server in all supported versions of Wonderware InBatch and Foxboro I/A Series Batch. This vulnerability, if exploited, could allow Denial of Service (DoS), the consequence of which is a crash of the InBatch Server.

LFSEC00000054

Stack Based buffer overflow in the “Label” method, in the InBatch BatchField ActiveX Control

A vulnerability (stack overflow) has been discovered in the InBatch BatchField ActiveX Control. This control is installed as part of the InBatch Server and on all InBatch Runtime Clients, including when used embedded in InTouch® and any third party InBatch Client Programs (VB or C++). In addition, this control can be used in publishing InTouch graphics in Wonderware Information Server.

ICS-CERT Security Notification | April 8, 2011 - LFSEC00000054
