Multiple SQL Injection vulnerabilities in Wonderware Information Server

2012-12-16T00:00:00
ID PT-2013-38
Type ptsecurity
Reporter Positive Technologies
Modified 2013-06-10T00:00:00

Description

PT-2013-38: Multiple SQL Injection vulnerabilities in Wonderware Information Server

Fix date:

                    April 23, 2013

Vector: Remote

Systems affected: Wonderware Information Server 5.xWonderware Information Server 4.x

Vendor: Invensys Systems

Notification status: 16.12.2012 - Vendor gets vulnerabilities details 23.04.2013 - Vendor releases fixed version and details 10.06.2013 - Public disclosure