Invensys Patches Wonderware Bug

Friday, March 22, 2013 @ 06:03 PM gHale

Invensys has a patch for a vulnerability that impacts the Wonderware Win-XML Exporter, according to a report on ICS-CERT.

Independent researchers Timur Yunusov, Alexey Osipov, and Ilya Karpov of the Positive Technologies Research Team discovered an improper input validation vulnerability in the Win-XML Exporter. The Positive Technologies Research Team validated the patch fixes the vulnerability.

Mitigation Ready for SEL Bug
Schneider, Researcher Disagree on Holes
SIMATIC Update Solves Bugs
Siemens Mitigates WinCC TIA Bugs

Exploitation of this vulnerability could impact systems deployed in the critical manufacturing, energy, food and beverage, chemical, and water and wastewater sectors.

Win-XML Exporter Version 1522, 148, 0, 0, and possibly earlier versions suffer from the issue.

Successful exploitation of this vulnerability could allow an attacker to affect the confidentiality and availability of the Wonderware Win-XML Exporter.

Invensys develops software, systems, and equipment that enable users to monitor, automate, and control their processes. The Invensys Wonderware Win-XML Exporter sees use in industries worldwide, including critical manufacturing, energy, food and beverage, chemical, and water and wastewater.

The Wonderware Win-XML Exporter converts interface windows from Intouch HMI projects and displays them in Internet Explorer with the help of Wonderware Information Server.

Wonderware Win-XML Exporter allows access to local resources (files and internal resources) via unsafe parsing of XML external entities. By using specially crafted XML files, an attacker can cause Wonderware Win-XML Exporter to send the contents of local or remote resources to the attacker’s server or cause a denial of service of the system.
CVE-2012-4710 is the number assigned to this vulnerability, which has a CVSS v2 base score of 6.3.

This vulnerability is not exploitable remotely and cannot suffer exploitation without user interaction. The exploit triggers when a local user runs the vulnerable application and loads the malformed XML files.

No known public exploits specifically target this vulnerability. An attacker with a medium skill would be able to exploit this vulnerability.

Instructions and a link to the update are on the Invensys download page. Invensys said any machine running one or more of the products listed should download the patch. No other components of the Wonderware installed products suffer from the problem. Users should install the update using instructions provided in the ReadMe file for the product and component installed.

Invensys recommends users:
• Read the installation instructions provided with the patch
• Shut down any of the affected software products
• Install the update
• Restart the software

Leave a Reply

You must be logged in to post a comment.