Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Foxboro_control_software | Invensys | 3.1 (including) | 3.1 (including) |
| Foxboro_control_software | Invensys | 4.0 (including) | 4.0 (including) |
| Infusion_ce/fe/scada | Invensys | * | 2.5 (including) |
| Intouch | Invensys | * | 2012 (including) |
| Intouch/wonderware_application_server | Invensys | * | 2012 (including) |
| Intouch/wonderware_application_server | Invensys | 10.0 (including) | 10.0 (including) |
| Intouch/wonderware_application_server | Invensys | 10.5 (including) | 10.5 (including) |
| Wonderware_historian | Invensys | * | 10.0 (including) |
| Wonderware_historian | Invensys | 10.0 (including) | 10.0 (including) |
| Wonderware_inbatch | Invensys | * | 9.5 (including) |
| Wonderware_information_server | Invensys | * | 4.5 (including) |
| Wonderware_information_server | Invensys | 3.1 (including) | 3.1 (including) |
| Wonderware_information_server | Invensys | 4.0 (including) | 4.0 (including) |
| Wonderware_information_server | Invensys | 4.0-sp1 (including) | 4.0-sp1 (including) |