Vulnerability Note VU#647928

Invensys Wonderware InBatch and Foxboro I/A Series Batch database lock manager service (lm_tcp) buffer overflow vulnerability

Original Release date: 15 Dec 2010 | Last revised: 16 Dec 2010

Overview

The lm_tcp service in Invensys Wonderware InBatch and Foxboro I/A Series Batch contains a buffer overflow vulnerability when coping string data into a buffer in a fixed structure.

Description

From the Invensys Wonderware website: "InBatch is powerful software that can be used in the most complex batching processes that require a high level of flexibility." Wonderware InBatch runs a database lock manager (lm_tcp) service that listens (manually or automatically during the launching of "Environment Display/Manager") on port 9001. Foxboro I/A Series Batch includes an application with the same service. The service in both products is vulnerable to a buffer overflow when copying a string into a buffer of 150 bytes which is part of a fixed structure.

Impact

An attacker can cause the device to crash and may be able to execute arbitrary code.

Solution

Upgrade

According to Invensys, users of Wonderware InBatch 8.1 – InBatch Server (all versions), Wonderware InBatch 9.0 – InBatch Server (all versions), I/A Series Batch 8.1 – I/A Series Batch Server (all versions) should apply the vendor security update.

Restrict Access


Enable firewall rules to restrict access for port 9001/tcp to only trusted sources.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Invensys Affected-15 Dec 2010
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was publicly disclosed by Luigi Auriemma.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: Unknown
  • Date Public: 08 Dec 2010
  • Date First Published: 15 Dec 2010
  • Date Last Updated: 16 Dec 2010
  • Severity Metric: 24.41
  • Document Revision: 25

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.