
CERT Coordination Center

Invensys Wonderware InBatch and Foxboro I/A Series Batch database lock manager service (lm_tcp) buffer overflow vulnerability

Vulnerability Note VU#647928

Original Release Date: 2010-12-15 | Last Revised: 2010-12-16


The lm_tcp service in Invensys Wonderware InBatch and Foxboro I/A Series Batch contains a buffer overflow vulnerability caused by copying string data into a fixed-size buffer that is part of a fixed structure.


From the Invensys Wonderware website: "InBatch is powerful software that can be used in the most complex batching processes that require a high level of flexibility." Wonderware InBatch runs a database lock manager service (lm_tcp) that listens on port 9001/tcp; the service is started manually or automatically when "Environment Display/Manager" is launched. Foxboro I/A Series Batch includes an application with the same service. In both products the service is vulnerable to a buffer overflow when it copies a string into a 150-byte buffer that is part of a fixed structure: the copy is driven by the incoming data rather than by the size of the buffer, so a longer string overwrites whatever follows the buffer in the structure.
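The following C program is an added illustration of the flaw class the note describes and is not code from Invensys, InBatch, or lm_tcp; the lm_tcp structure layout and wire format are not public, so the structure (`struct lock_entry`), the 4-byte little-endian length prefix, and every function name here are assumptions. It places the vulnerable copy (a caller-supplied length driving a copy into a 150-byte field inside a fixed structure) next to a hardened version that rejects any string that does not fit with its terminator or that is not actually present in the received frame.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed record layout (not the real lm_tcp structure): a 150-byte string
 * field inside a fixed structure, as the note describes. */
#define NAME_LEN 150

struct lock_entry {
    uint32_t lock_id;
    char     name[NAME_LEN];   /* the fixed-size field that overflows */
    uint32_t owner;            /* first neighbouring field clobbered on overflow */
};

/* Assumed frame format: 4-byte little-endian string length, then the bytes. */
static int read_len(const uint8_t *msg, size_t msg_len, uint32_t *out)
{
    if (msg_len < 4)
        return -1;
    *out = (uint32_t)msg[0] | ((uint32_t)msg[1] << 8) |
           ((uint32_t)msg[2] << 16) | ((uint32_t)msg[3] << 24);
    return 0;
}

/* Vulnerable pattern: the attacker-controlled length drives the copy into the
 * fixed 150-byte field. Shown for contrast; only ever call it on trusted input. */
static int fill_entry_unsafe(struct lock_entry *e, const uint8_t *msg, size_t msg_len)
{
    uint32_t str_len;
    if (read_len(msg, msg_len, &str_len) != 0)
        return -1;
    memcpy(e->name, msg + 4, str_len);   /* no bound: str_len may exceed 150 */
    e->name[str_len] = '\0';             /* terminator also lands past the field */
    return 0;
}

/* Hardened version: the string must fit in the field together with its NUL,
 * and the frame must really carry as many bytes as it declares. */
static int fill_entry_safe(struct lock_entry *e, const uint8_t *msg, size_t msg_len)
{
    uint32_t str_len;
    if (read_len(msg, msg_len, &str_len) != 0)
        return -1;
    if (str_len >= NAME_LEN)             /* 150 bytes leaves no room for the NUL */
        return -1;
    if (str_len > msg_len - 4)           /* declared length exceeds the payload */
        return -1;
    memcpy(e->name, msg + 4, str_len);
    e->name[str_len] = '\0';
    return 0;
}

/* Builds a constructed frame for testing: the declared length is written
 * separately from the body so a lying header can be produced on purpose.
 * Returns the frame size, or 0 if the output buffer is too small. */
static size_t build_frame(uint8_t *out, size_t out_cap, const char *s, uint32_t declared_len)
{
    size_t body = strlen(s);
    if (out_cap < 4 + body)
        return 0;
    out[0] = (uint8_t)declared_len;
    out[1] = (uint8_t)(declared_len >> 8);
    out[2] = (uint8_t)(declared_len >> 16);
    out[3] = (uint8_t)(declared_len >> 24);
    memcpy(out + 4, s, body);
    return 4 + body;
}

/* Runs an honest frame carrying an n-byte name of 'A's through the hardened
 * parser. Returns 0 if accepted, -1 if rejected. */
static int check_name_of_length(size_t n)
{
    char name[512];
    uint8_t frame[600];
    struct lock_entry e;
    if (n >= sizeof(name))
        return -1;
    memset(name, 'A', n);
    name[n] = '\0';
    size_t fl = build_frame(frame, sizeof(frame), name, (uint32_t)n);
    if (fl == 0)
        return -1;
    return fill_entry_safe(&e, frame, fl);
}

/* A frame that declares 100 bytes but carries only 5: the hardened parser
 * must refuse it rather than read past the end of the received data. */
static int check_declared_exceeds_payload(void)
{
    uint8_t frame[64];
    struct lock_entry e;
    size_t fl = build_frame(frame, sizeof(frame), "short", 100);
    return fill_entry_safe(&e, frame, fl);
}

int main(void)
{
    uint8_t frame[64];
    struct lock_entry e;
    size_t fl = build_frame(frame, sizeof(frame), "LOCK-1", 6);   /* honest, short frame */
    printf("unsafe parser on a short name: %s\n", fill_entry_unsafe(&e, frame, fl) == 0 ? e.name : "rejected");
    printf("149-byte name: %s\n", check_name_of_length(149) == 0 ? "accepted" : "rejected");
    printf("150-byte name: %s\n", check_name_of_length(150) == 0 ? "accepted" : "rejected");
    printf("400-byte name: %s\n", check_name_of_length(400) == 0 ? "accepted" : "rejected");
    printf("declared 100, carried 5: %s\n", check_declared_exceeds_payload() == 0 ? "accepted" : "rejected");
    return 0;
}
```

The two checks in `fill_entry_safe` are the ones a reviewer would look for in any fixed-structure copy: the length is compared against the destination field (using `>=`, because the terminator needs a byte too), and against the bytes actually received, so neither an over-long string nor a truncated frame can move the copy outside the structure.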


An attacker who can reach port 9001/tcp can crash the lm_tcp service, causing a denial of service, and may be able to execute arbitrary code on the host running it.



According to Invensys, users of Wonderware InBatch 8.1 – InBatch Server (all versions), Wonderware InBatch 9.0 – InBatch Server (all versions), and I/A Series Batch 8.1 – I/A Series Batch Server (all versions) should apply the vendor security update.

Restrict Access

Enable firewall rules to restrict access to port 9001/tcp to trusted sources only. This reduces exposure but does not remove the vulnerability; the vendor update is still required.

Vendor Information


Invensys Affected

Updated:  December 15, 2010



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


This vulnerability was publicly disclosed by Luigi Auriemma.

This document was written by Michael Orlando.

Other Information

CVE IDs: None
Severity Metric: 24.41
Date Public: 2010-12-08
Date First Published: 2010-12-15
Date Last Updated: 2010-12-16 12:20 UTC
Document Revision: 26

Sponsored by CISA.