The lm_tcp service in Invensys Wonderware InBatch and Foxboro I/A Series Batch contains a buffer overflow vulnerability when coping string data into a buffer in a fixed structure.
From the Invensys Wonderware website: "InBatch is powerful software that can be used in the most complex batching processes that require a high level of flexibility." Wonderware InBatch runs a database lock manager (lm_tcp) service that listens (manually or automatically during the launching of "Environment Display/Manager") on port 9001. Foxboro I/A Series Batch includes an application with the same service. The service in both products is vulnerable to a buffer overflow when copying a string into a buffer of 150 bytes which is part of a fixed structure.
An attacker can cause the device to crash and may be able to execute arbitrary code.
This vulnerability was publicly disclosed by Luigi Auriemma.
This document was written by Michael Orlando.
|Date First Published:||2010-12-15|
|Date Last Updated:||2010-12-16 12:20 UTC|