Invensys Information for VU#138633

Invensys Wonderware InTouch creates insecure NetDDE share

Status

Affected

Vendor Statement

Wonderware, a business unit of Invensys, is committed to collaborate with our customers and industry standards committees to provide secure applications, security best practices, deployment guidelines, tools and prescriptive guidance for maintaining a secure environment. This issue was addressed in InTouch 9.0 and later versions. In addition to Restricting access per Microsoft Security Bulletin MS04-31, alternative solutions and additional information can be found in Wonderware’s Tech Alert 98 posted on our website. (Please note that access to the Tech Alert will require that you register on our web site.) Wonderware users interested in upgrading should contact Wonderware or their local distributor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Wonderware users should see Wonderware Tech Alert 98 for more information (registration required) or contact Wonderware for more information

If you have feedback, comments, or additional information about this vulnerability, please send us email.