search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Invensys Wonderware InBatch and Foxboro I/A Series Batch database lock manager service (lm_tcp) buffer overflow vulnerability

Vulnerability Note VU#647928

Original Release Date: 2010-12-15 | Last Revised: 2010-12-16

Overview

The lm_tcp service in Invensys Wonderware InBatch and Foxboro I/A Series Batch contains a buffer overflow vulnerability when coping string data into a buffer in a fixed structure.

Description

From the Invensys Wonderware website: "InBatch is powerful software that can be used in the most complex batching processes that require a high level of flexibility." Wonderware InBatch runs a database lock manager (lm_tcp) service that listens (manually or automatically during the launching of "Environment Display/Manager") on port 9001. Foxboro I/A Series Batch includes an application with the same service. The service in both products is vulnerable to a buffer overflow when copying a string into a buffer of 150 bytes which is part of a fixed structure.

Impact

An attacker can cause the device to crash and may be able to execute arbitrary code.

Solution

Upgrade

According to Invensys, users of Wonderware InBatch 8.1 – InBatch Server (all versions), Wonderware InBatch 9.0 – InBatch Server (all versions), I/A Series Batch 8.1 – I/A Series Batch Server (all versions) should apply the vendor security update.

Restrict Access


Enable firewall rules to restrict access for port 9001/tcp to only trusted sources.

Vendor Information

647928
Expand all

Invensys

Updated:  December 15, 2010

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://iom.invensys.com/EN/Pages/IOM_CyberSecurityUpdates.aspx

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

This vulnerability was publicly disclosed by Luigi Auriemma.

This document was written by Michael Orlando.

Other Information

CVE IDs: None
Severity Metric: 24.41
Date Public: 2010-12-08
Date First Published: 2010-12-15
Date Last Updated: 2010-12-16 12:20 UTC
Document Revision: 25

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.