AVEVA Wonderware System Platform (ICSA-19-029-03) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on an insufficiently protected credentials vulnerability in AVEVA Wonderware System Platform. Update 2 and prior are affected. This vulnerability could allow unauthorized access to the credentials for the ArchestrA Network User Account. AVEVA recommends users using Wonderware System Platform 2017 Update 2 and prior should upgrade to System Platform 2017 Update 3 as soon as possible. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the advisory at NCCIC/ICS-CERT.