Patches for the security vulnerabilities discovered by US-CERT and ZDI in some older versions of InduSoft Web Studio are available on the Security Hotfix Updates Web Page of the InduSoft website. The current versions of the product do not have any known vulnerabilities.
There are 2 critical updates that affect certain older 6.1, 7.0 and 7.1 IWS versions, and each update hotfix is version specific, as outlined in the hotfix description. Current versions of the products already have these hotfixes installed, and simply installing the most current version of 6.1, 7.0, and 7.1, if you have not already done so, will also alleviate these issues.
If you have any questions regarding the InduSoft Security Hotfix Updates Web Page, the Critical Updates that are available, or if you have questions about whether or not your installed IWS version may be vulnerable to an exploit that a specific update hotfix may address, please contact InduSoft Technical Support at:
877-INDUSOFT (877-463-8763) or outside of the US or Canada at +1 512.349.0334 or by email at firstname.lastname@example.org
Support hours: M-F 8:30am and 5:30pm, CST (UTC-6) Summer (UTC-5)