Utilize the links below to obtain the latest information on Security Patch validation, Anti-Virus updates and general information on specific instructions on a mitigation requirement.
Security Notifications:
** Updated ** – February 18, 2011
Original release - December 14, 2010
Wonderware InBatch and Foxboro I/A Series Batch
Server lm_tcp buffer overflow… (LFSEC00000051)
A vulnerability has been discovered in InBatch Server and I/A Batch Server in all supported versions of Wonderware InBatch and Foxboro I/A Series Batch. This vulnerability, if exploited, could allow Denial of Service (DoS), the consequence of which is a crash of the InBatch Server. The rating is medium and would require a malicious application that has access to port 9001 on the batch server and understands the protocol used on that port to send a partially valid message that overflows an internal buffer.
The Invensys cyber-security team is collaborating with the United States government (ICS-CERT) to ensure an appropriate and timely official public communication of the issue.
December 14, 2010 – ICS CERT Notification
March 3, 2011 - ICS CERT Notification Update
February 18, 2011 - LFSEC00000051