PT-2007-6950 · Invensys · Invensys Wonderware Intouch
Published
2007-11-20
·
Updated
2024-01-25
·
CVE-2007-6033
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Invensys Wonderware InTouch version 8.0
Description
The issue allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs due to insecure permissions set on a NetDDE share.
Recommendations
For Invensys Wonderware InTouch version 8.0, consider restricting access to the NetDDE share to prevent unauthorized execution of programs until a patch is available.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Invensys Wonderware Intouch