Security Issue: CERT Reported Vulnerabilities in iFIX Security
CERT has reported vulnerabilities in iFIX (versions PDE, 2.0, 2.2, 2.21, 2.5, 2.6, 3.0, 3.5, 4.0, 4.5, and 5.0). The vulnerabilities involve iFIX security, and can be exploited when it is used and an attacker has direct or network access to a HMI/SCADA or VIEW node. The consequence of a successful exploit is that an attacker will have elevated privilege to the HMI/SCADA node.
Please review the attached document for further information on these vulnerabilities and mitigating steps.