Overview
A vulnerability has been discovered in a component used by the Wonderware ArchestrA IDE (Integrated Development Environment) and the InFusion IEE (Integrated Engineering Environment) in all supported versions of Wonderware Application Server and InFusion Application Environment with exception of the latest, Wonderware Application Server 3.1 Service Pack 2 Patch 01 (WAS 3.1 SP2 P01). This vulnerability, if exploited, could allow remote code execution. The rating is medium and would require social engineering to exploit. Social engineering is the act of manipulating people to unknowingly perform certain actions that may be detrimental to the system. For example, tricking a user to click on an email link or download a file. This security bulletin announces the software updates available to customers that have been tested on the latest service packs and patches of each major version impacted. Recommendations
Customers using versions of Wonderware Application Server prior to version 3.1 SP2 P01 SHOULD apply the security update to all nodes where the ArchestrA IDE or InFusion IEE is installed. Installation does not require a reboot and runtime execution is not affected.
Please review the below files for more detailed information as well as the techalert to advise on how to correct vulnerability.