Invensys Wonderware Information Server Multiple ActiveX Vulnerabilities

July 26, 2011

Independent security researchers Billy Rios and Terry McCorkle have identified a stack-based buffer overflow vulnerability in two different ActiveX controls used by the Wonderware Information Server product. Successful exploitation of this vulnerability could allow remote code execution on a client running a vulnerable version of the software, at the same privilege level as the exploited process.

The following Wonderware Information Server client versions are affected:
-  Wonderware Information Server 3.1
-  Wonderware Information Server 4.0
-  Wonderware Information Server 4.0 SP1

ICS-CERT has coordinated with the researchers and Invensys. Invensys has issued a patch to address this vulnerability. The researchers have confirmed this patch fully resolves this reported vulnerability in both vulnerable ActiveX controls.

SCADAhacker comment:
Billy Rios and Terry McCorkle presented a session at DerbyCon 2011 entitled "100 Bugs in 100 Days: An Analysis of ICS (SCADA) Software". You can view the presentation by clicking here.

ICS-CERT Advisories / Alerts

ICSA-11-195-01
ICSA-11-195-01P (released on Jul. 14, 2011 via US-CERT secure Portal)

Vendor Website (includes Patches / Hotfixes)

Invensys Operations Management Home Page
Wonderware Information Server 2012 Product Info
Security Vulnerability - Wonderware ArchestrA ActiveX Stack Overflow - Tech Alert 138
Customer Advisory (includes Patch links) - Buffer Overflow in ActiveX Controls - CR LFSEC00000012
Wonderware Cyber Security Updates (login required)
Invensys Operations Management Cyber Security Updates
Software Patch (login required)
Invensys Securing Industrial Control Systems Guide
Microsoft Support KB240797 - How to stop an ActiveX control from running in Internet Explorer

Exploit Proof-of-Concept

Security Focus (ID 50047)
No public exploit is available at this time.

Common Vulnerability & Exposure (CVE) References

CVE-2011-2962
NVD CVE-2011-2962

Additional Information

IBM Internet Security Systems #68988
Open-Source Vulnerability Database #74264
Secunia Advisory #45476
Secunia Vulnerability Report and Statistics on Information Server 3.x
Secunia Vulnerability Report and Statistics on Information Server 4.x
Security Focus Vulnerability Info and Exploit Bugtraq ID 48976

Wonderware Vulnerabilities Patched (ISSSource)