Invensys Wonderware Win-XML Exporter Improper Input Validation Vulnerability

Overview This advisory was originally posted to the US-CERT secure Portal library on March 08, 2013, and is now being released to the ICS-CERT Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware Win-XML Exporter. Researchers Timur Yunusov,...

Xxe

Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference...

CVE-2012-4710

CVE-2012-4710 affects Invensys Wonderware Win-XML Exporter (version 1522.148.0.0 cited). The issue is an XML External Entity (XXE) vulnerability: parsing XML with an unsafe DTD/entity declaration allows a local/remote resource disclosure, outbound HTTP requests, or a denial of service (CPU/memory...

PT-2013-36: XML External Entity Injection in Wonderware Win-XML Exporter

Positive Research Center experts have discovered "XML External Entity Injection" vulnerability in Wonderware Win-XML Exporter. If an attacker manages to make a victim open a project that contains specially crafted XML, Wonderware Win-XML Exporter will automatically send the contents of local or...