CVE-2013-0686

Name of the Vulnerable Software and Affected Versions Invensys Wonderware Information Server (WIS) versions 4.0 SP1 through 5.0

Description The issue allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Recommendations For versions 4.0 SP1 through 5.0, as a temporary workaround, consider restricting access to XML documents or disabling the processing of external entities until a patch is available.