Invensys Wonderware InBatch ActiveX Multiple Buffer Overflow Vulnerabilities
December 20, 2011 (Updated January 4, 2012)
Researcher Kuang-Chun Hung of the Security Research and Service Institute - Information and Communication Security Technology Center (ICST) has identified three vulnerabilities in the Invensys Wonderware InBatch application. These vulnerabilities exist in the GUIControls, BatchObjSrv, and BatchSecCtrl ActiveX Controls.

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code within the context of an application (typically Internet Explorer) that uses the ActiveX control. Failed exploit attempts will result in a denial of service (DoS) on systems with affected versions of Wonderware InBatch Runtime Client components.
The following InBatch versions are affected:

- 8.1 SP1, 9.0, 9.0 SP1, 9.0 SP2, and 9.5 - InBatch Server and Runtime Clients
The affected components exist in a variety of Wonderware products, including InTouch and Information Server browser clients that have downloaded converted windows that contain these controls.

According to Invensys, I/A Series Batch 8.1 SP1 and Wonderware InBatch 9.5 SP1 and higher are not affected by these vulnerabilities.

Invensys has issued software updates that resolve these vulnerabilities (see links below). The ICST has confirmed that the software updates fully resolve the reported vulnerabilities.