1. EXECUTIVE SUMMARY
It is composed of a browser-based License Manager and a License Server that work together to allow you to share and deliver licenses for your installed products with or without an Internet connection. License Manager and License Server are installed as part of the product installation process. Programs Wonderware Common ArchestrA License Manager. To verify that Dream Report recognizes the license, open Dream Report Studio, and click Help > About Dream Report, where you should then see a dialog box indicating a Wonderware-issued license is being used. Note: If a license.dat file is present in the ODSDream Reportlicense. The Tech Note applies to Wonderware products that utilize the Wonderware ArchestrA License Server (such as Wonderware ActiveFactory 9.2 and Wonderware Information Server 3.0).
- ATTENTION: Exploitable remotely/Low skill level to exploit
- Vendor: AVEVA Software, LLC (AVEVA)
- Equipment: Wonderware License Server
- Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer
2. RISK EVALUATION
Successful exploitation of this vulnerability may result in remote code execution with administrative privileges.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Wonderware License Server use the vulnerable Flexera lmgrd (Versions 11.13.1.1 and prior):
- Wonderware License Server v4.0.13100 and prior.
Only users with the Counted Licenses feature with “ArchestrAServer.lic” in Wonderware License Server are affected.
Wonderware License Server is delivered by:
- Wonderware Information Server 4.0 SP1 and prior, and
- Historian Client 2014 R4 SP2 P02 and prior.
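The applicability conditions in section 3.1 can be checked against an asset inventory. The following is an added example, not code from AVEVA or NCCIC; the record fields (`host`, `license_server`, `counted_licenses`, `license_files`) and the sample inventory are constructed for illustration.

```python
import re

# Thresholds and file name taken from section 3.1 of the advisory.
MAX_AFFECTED_LICENSE_SERVER = (4, 0, 13100)
COUNTED_LICENSE_FILE = "archestraserver.lic"


def parse_version(text):
    """Turn 'v4.0.13100' into (4, 0, 13100); raise ValueError otherwise."""
    match = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def at_or_below(version, limit):
    """Compare dotted versions of unequal length by zero-padding."""
    width = max(len(version), len(limit))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) <= pad(limit)


def triage(record):
    """Classify one inventory record (hypothetical schema)."""
    try:
        server = parse_version(record["license_server"])
    except (KeyError, ValueError):
        return "review: License Server version unknown"
    if not at_or_below(server, MAX_AFFECTED_LICENSE_SERVER):
        return "not affected: License Server newer than v4.0.13100"
    files = {name.lower() for name in record.get("license_files", [])}
    if not record.get("counted_licenses") or COUNTED_LICENSE_FILE not in files:
        return "not affected: no counted licenses with ArchestrAServer.lic"
    return "affected: install Hotfix Wonderware License Server VU-485744 or later"


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    {"host": "hist-01", "license_server": "v4.0.13100",
     "counted_licenses": True, "license_files": ["ArchestrAServer.lic"]},
    {"host": "wis-02", "license_server": "4.0.12000",
     "counted_licenses": False, "license_files": ["ArchestrA.lic"]},
    {"host": "eng-03", "license_server": "4.0.14000",
     "counted_licenses": True, "license_files": ["ArchestrAServer.lic"]},
    {"host": "lab-04", "license_server": "unknown"},
]

if __name__ == "__main__":
    for rec in SAMPLE_INVENTORY:
        print(rec["host"], "->", triage(rec))
```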
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
Buffer overflows in lmgrd and vendor daemon in Flexera FlexNet Publisher may allow remote attackers to execute arbitrary code via a crafted packet, resulting in remote code execution with administrator privileges.
CVE-2015-8277 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: United Kingdom
3.4 RESEARCHER
An anonymous researcher reported this vulnerability to AVEVA, who then reported it to NCCIC.
4. MITIGATIONS
AVEVA recommends affected users install update “Hotfix Wonderware License Server VU-485744” or later, which can be downloaded from:
https://softwaresupportsp.schneider-electric.com/#/producthub/details?id=5076 (login required)
AVEVA has published Security Bulletin LFSEC00000129. It can be found at the following location:
NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
No known public exploits specifically target this vulnerability.
Contact Information
For any questions related to this report, please contact the CISA at:
Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870
For industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics
or incident reporting: https://us-cert.cisa.gov/report
September 5, 2007 – Charlotte, NC. Symbol Factory for ArchestrA brings over 4,000 vector graphic scalable objects in over 60 categories into the new InTouch 10 ArchestrA Symbol Editor. With vertical market symbols for chemical, building automation, finishing, mining, pulp & paper, process, water & wastewater, wire & cable and more, Symbol Factory for ArchestrA empowers users of InTouch 10 with animatable vector objects for use standalone or with other ArchestrA symbols and System Platform Application Objects for their business needs. Symbol Factory for ArchestrA also contains a range of pre-animated objects that InTouch 10 designers can use as is or as a basis for their own business specific solutions. Symbol Factory for ArchestrA is licensed on a per InTouch 10 development node basis with no licenses needed for distribution of the resulting ArchestrA symbols with InTouch 10 and System Platform solutions built by users, system integrators, and machinery OEMs. Customers can purchase Symbol Factory for ArchestrA from their local Wonderware representatives.
“The Wonderware InTouch 10 system is an incredible advancement in HMI/Visualization technology. We’ve worked with Wonderware InTouch users for over 10 years and the ArchestrA Symbol Editor takes graphics creation to a new level of quality and reusability, especially when combined with Wonderware’s System Platform 3. Users who have seen Symbol Factory for ArchestrA during our pre-release reviews have said the library will allow them to more rapidly build InTouch 10 graphics that meet their needs and they will recoup their investment in Symbol Factory for ArchestrA in the first project they use it on. We appreciate Wonderware’s support of their 3rd party ISVs and expect we’ll be delivering even more tools for InTouch 10 in the coming months,” said John Weber, President, Software Toolbox Inc.
Keith Jones, Business Manager – HMI/Visualization at Wonderware adds, “We are very excited to have a prominent ISV such as Software Toolbox investing the InTouch 10 platform with their new Symbol Factory for ArchestrA product. We are confident our users will welcome the vertical markets focus and engineering productivity enhancement Symbol Factory for ArchestrA will add to the already powerful InTouch 10 ArchestrA Symbol Editor.”
ABOUT SOFTWARE TOOLBOX
Software Toolbox was founded in 1996 in Charlotte, NC and has helped over 7,000 users, integrators, and OEMs in 67 countries by providing software add-ins, development components, and software applications that enable them to maximize their industrial automation software results. Software Toolbox’s products add functionality, improve connectivity, enhance the engineering and user experience, reduce development time, and improve overall results with every major HMI/SCADA software application in the industry and enable Microsoft Visual Studio developers to access and visualize plant floor data. Software Toolbox also licenses numerous technologies to many major software suppliers in the automation industry to help them maximize the value they deliver to their clients. Software Toolbox has been an active member of the OPC Foundation and the Control System Integrators Association (CSIA) since 1997.