CVE-2012-4709

Name of the Vulnerable Software and Affected Versions Invensys Wonderware InTouch HMI versions 2012 R2 and earlier

Description The issue allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service through CPU and memory consumption. This is related to an XML External Entity (XXE) issue, where an XML document containing an external entity declaration in conjunction with an entity reference can be used for exploitation.

Recommendations For versions 2012 R2 and earlier, as a temporary workaround, consider restricting access to XML documents and external entity declarations until a patch is available. Additionally, restrict HTTP requests to intranet servers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.