Invensys Wonderware Information Server Multiple ActiveX Vulnerabilities
July 26, 2011
Independent security researchers Billy Rios and Terry
McCorkle have identified a stack-based buffer overflow
vulnerability that exists in two different ActiveX controls
used by the Wonderware Information Server product.
Successful exploitation of this vulnerability could allow
remote code execution on a client running vulnerable
versions of the software at teh same privilege level as the
exploited process.
The following Wonderware Information Server client versions
are affected:
- Wonderware Information Server 3.1
- Wonderware Information Server 4.0
- Wonderware Information Server 4.0 SP1
ICS-CERT has coordinated with the researchers and Invensys.
Invensys has issued a patch to address this vulnerability.
The researchers have confirmed this patch fully resolves
this reported vulnerability in both vulnerable ActiveX
controls.
SCADAhacker
comment:
Billy Rios and Terry McCorkle presented at DerbyCon 2011 a
session entitled "100 Bugs in 100 Days: An Analysis of ICS
(SCADA) Software". You can view the presentation by
clicking here.