Invensys · Invensys Wonderware Information Server · CVE-2013-0686
**Name of the Vulnerable Software and Affected Versions**
Invensys Wonderware Information Server (WIS) versions 4.0 SP1 through 5.0
**Description**
The issue allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
**Recommendations**
For versions 4.0 SP1 through 5.0, as a temporary workaround, consider restricting access to XML documents or disabling the processing of external entities until a patch is available.