- Description
- Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8.1 and 9.0, as used in Invensys Foxboro I/A Series Batch 8.1 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request to port 9001.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invensys:wonderware_inbatch:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30CD213C-3241-4E04-A7E9-71D80F9AA719"
},
{
"criteria": "cpe:2.3:a:invensys:wonderware_inbatch:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E99C8469-4F7B-42AD-BEF0-2EAA85926552"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invensys:foxboro_i\\/a_series_batch:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45D6A903-83EE-45F5-83E1-496D42F2E068"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]