PT-2010-5537 · Invensys · Invensys Foxboro I/A Series Batch
Luigi Auriemma · Published 2010-12-17 · Updated 2013-08-19 · CVE-2010-4557
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Invensys Wonderware InBatch versions 8.1 through 9.0
Invensys Foxboro I/A Series Batch version 8.1
Description
A buffer overflow in the lm_tcp service can be exploited by remote attackers. Sending a crafted request to port 9001 can cause a denial of service (crash) or potentially allow execution of arbitrary code.
Recommendations
For Invensys Wonderware InBatch versions 8.1 through 9.0, consider restricting access to port 9001 until a patch is available.
For Invensys Foxboro I/A Series Batch version 8.1, restrict access to the lm_tcp service to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Affected Products
Invensys Foxboro I/A Series Batch
Invensys Wonderware Intouch