Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wonderware intouch vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-2005
The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink prior to 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote malicious users to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large leng...
Wonderware Intouch 8.0
Wonderware Suitelink 2.0
1 EDB exploit
NA
CVE-2012-3005
Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and previous versions, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain pr...
Invensys Intouch\\/wonderware Application Server 10.0
Invensys Intouch\\/wonderware Application Server
Invensys Infusion Ce\\/fe\\/scada
Invensys Wonderware Historian
Invensys Intouch
Invensys Wonderware Historian 10.0
Invensys Wonderware Information Server 4.0
Invensys Wonderware Information Server 3.1
Invensys Foxboro Control Software 4.0
Invensys Intouch\\/wonderware Application Server 10.5
Invensys Wonderware Information Server
Invensys Foxboro Control Software 3.1
Invensys Wonderware Inbatch
NA
CVE-2012-4709
Invensys Wonderware InTouch HMI 2012 R2 and previous versions allows remote malicious users to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in ...
Invensys Wonderware Intouch
8.8
CVSSv3
CVE-2007-6033
Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs.
Wonderware Intouch 8.0
NA
CVE-2014-9190
Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote malicious users to execute arbitrary code via a request for a filename that does not exist.
Schneider-electric Wonderware Intouch Access Anywhere Server 10.6
Schneider-electric Wonderware Intouch Access Anywhere Server 11.0
9.8
CVSSv3
CVE-2017-14024
A Stack-based Buffer Overflow issue exists in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote cod...
Schneider-electric Wonderware Intouch
Schneider-electric Wonderware Indusoft Web Studio
9.8
CVSSv3
CVE-2017-13997
A Missing Authentication for Critical Function issue exists in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the ...
Schneider-electric Wonderware Indusoft Web Studio
Schneider-electric Wonderware Intouch
8.8
CVSSv3
CVE-2017-5156
A Cross-Site Request Forgery issue exists in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged ...
Aveva Wonderware Intouch Access Anywhere
9.8
CVSSv3
CVE-2017-5158
An Information Exposure issue exists in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
Aveva Wonderware Intouch Access Anywhere
5.3
CVSSv3
CVE-2017-5160
An Inadequate Encryption Strength issue exists in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.
Aveva Wonderware Intouch Access Anywhere
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »