Java 7 Vulnerability Note VU#625617

Due to a number of inquiries from customers, we would like to inform you that Java 7 Vulnerability Note VU#625617 does not affect Wonderware software. However, if you are using Java based applications, please be aware of this vulnerability. A short synopsis of the vulnerability can be found below.

The full announcement from the Department of Homeland Security can be found at: http://www.kb.cert.org/vuls/id/625617

Overview

Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available. The Department of Homeland Security has confirmed that Windows, OS X, and Linux platforms are affected. Other platforms that use Oracle Java & may also be affected.

Impact

By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system. Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability.

Solutions:

  • Apply an update from Oracle
  • Disable Java in Web Browsers
  • Restrict access to Java applets

More information on these solutions can be found at http://www.kb.cert.org/vuls/id/625617

If you have immediate concerns, please contact contact Wonderware North.


Last 5 Related Posts:


How to reach us:

Phone: 877.900.4996
Sales: sales@wonderwarenorth.com
Support: support@wonderwarenorth.com

Share this article: