XML External Entities Resolution vulnerability in Wonderware Information Server

2014-04-01T00:00:00
ID PT-2014-20
Type ptsecurity
Reporter Positive Technologies
Modified 2014-09-05T00:00:00

Description

PT-2014-20: XML External Entities Resolution vulnerability in Wonderware Information Server

Fix date:

                    August 26, 2014

Vector: Remote

Systems affected: Wonderware Information Server 4.xWonderware Information Server 5.x

Vendor: Invensys Systems

Notification status: 01.04.2014 - Vendor gets vulnerability details 26.08.2014 - Vendor releases fixed version and details 05.09.2014 - Public disclosure