OTPulse
FeedAboutContact

Wonderware InBatch Vulnerability

Act NowICS-CERT ICSA-10-348-01ASep 16, 2010
Summary

Wonderware InBatch and I/A Series Batch servers are vulnerable to a buffer overflow (CWE-119) that could allow remote code execution. The vulnerability affects InBatch 8.1, InBatch 9.0, and I/A Series Batch 8.1. AVEVA has indicated no fix will be provided for these end-of-life products.

What this means
What could happen
Attackers could execute arbitrary code on Wonderware InBatch and I/A Series Batch servers, potentially disrupting batch process execution or altering recipe parameters and process setpoints.
Who's at risk
Water treatment plants, pharmaceutical manufacturers, chemical processors, and food/beverage operations that use Wonderware InBatch 8.1/9.0 or I/A Series Batch 8.1 for recipe management and batch process control should take action immediately. InBatch servers are the central point of control for batch recipe distribution and execution tracking.
How it could be exploited
An attacker with network access to the InBatch Server (likely port 4000 or 5000 for Wonderware communications) could send a specially crafted packet or command that triggers a buffer overflow (CWE-119), allowing code execution with the privileges of the batch server process.
Prerequisites
  • Network access to InBatch Server ports
  • No authentication required (vulnerability exploitable at network level)
remotely exploitableno authentication requiredbuffer overflow (CWE-119)no patch availablehigh EPSS score (45.1%)
Exploitability
High exploit probability (EPSS 45.1%)
Affected products (3)
3 EOL
ProductAffected VersionsFix Status
Wonderware InBatch 8.1 - InBatch Server: vers:all/*All versionsNo fix (EOL)
Wonderware InBatch 9.0 - InBatch Server: vers:all/*All versionsNo fix (EOL)
I/A Series Batch 8.1 - I/A Series Batch Server: vers:all/*All versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/1
HARDENINGIsolate InBatch servers from untrusted networks using a DMZ, firewall rules, or air-gapping; restrict inbound connections to only authorized recipe download and reporting clients
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HARDENINGImplement network segmentation to prevent lateral movement from IT network to the batch control segment
HARDENINGMonitor InBatch Server logs and network traffic for unexpected connections or malformed packets
Mitigations - no patch available
0/1
The following products have reached End of Life with no planned fix: Wonderware InBatch 8.1 - InBatch Server: vers:all/*, Wonderware InBatch 9.0 - InBatch Server: vers:all/*, I/A Series Batch 8.1 - I/A Series Batch Server: vers:all/*. Apply the following compensating controls:
HARDENINGConsider discontinuing use of affected InBatch versions and migrating to modern AVEVA batch management solutions that receive security updates
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/1abda0c6-d3be-4521-b869-e7ba10f2df39
Wonderware InBatch Vulnerability - OTPulse