Java 7 Vulnerability Note VU#625617
Due to a number of inquiries from customers, we would like to inform you that Java 7 Vulnerability Note VU#625617 does not affect Wonderware software. However, if you are using Java based applications, please be aware of this vulnerability. A short synopsis of the vulnerability can be found below.
The full announcement from the Department of Homeland Security can be found at: http://www.kb.cert.org/vuls/id/625617
Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available. The Department of Homeland Security has confirmed that Windows, OS X, and Linux platforms are affected. Other platforms that use Oracle Java & may also be affected.
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system. Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability.
- Apply an update from Oracle
- Disable Java in Web Browsers
- Restrict access to Java applets
More information on these solutions can be found at http://www.kb.cert.org/vuls/id/625617
If you have immediate concerns, please contact contact Wonderware North.
How to reach us:
Share this article: