Archestra License Manager Download

Archestra

1. EXECUTIVE SUMMARY

  • ATTENTION: Exploitable remotely/Low skill level to exploit
  • Vendor: AVEVA Software, LLC (AVEVA)
  • Equipment: Wonderware License Server
  • Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer

2. RISK EVALUATION

Successful exploitation of this vulnerability may result in remote code execution with administrative privileges.

3. TECHNICAL DETAILS

Manage your risk capital as you build market share for your software products and cloud services, using our monthly subscription based software license management services. Our solutions mostly run in internal security zones so we have to support activation of licenses on systems that have no external network connections. Installing WWSuite.lic and ArchestrA.lic Local License Files The installation procedure for WWSuite.lic and ArchestrA.lic license files is similar to the procedure used in the License Utility (previous version of ArchestrA License Manager). Click File/Install License File from the main menu, and select the appropriate license file.

3.1 AFFECTED PRODUCTS

The following versions of Wonderware License Server use the vulnerable Flexara Imgrd (Versions 11.13.1.1 and prior):

  • Wonderware License Server v4.0.13100 and prior.

Only users with the Counted Licenses feature with “ArchestrAServer.lic” in Wonderware License Server are affected.
Wonderware License Server is delivered by:

  • Wonderware Information Server 4.0 SP1 and prior, and
  • Historian Client 2014 R4 SP2 P02 and prior.

3.2 VULNERABILITY OVERVIEW

Manager

3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119

Buffer overflows in lmgrd and vendor daemon in Flexera FlexNet Publisher may allow remote attackers to execute arbitrary code via a crafted packet, resulting in remote code execution with administrator privileges.

CVE-2015-8277 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United Kingdom

3.4 RESEARCHER

An anonymous researcher reported this vulnerability to AVEVA, who then reported it to NCCIC.

4. MITIGATIONS

AVEVA recommends affected users install update “Hotfix Wonderware License Server VU-485744” or later, which can be downloaded from:

https://softwaresupportsp.schneider-electric.com/#/producthub/details?id=5076 (login required)

AVEVA has published Security Bulletin LFSEC00000129. It can be found at the following location:

Wonderware Development License

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Wonderware Archestra License Manager

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Archestra license manager download manager

Wonderware License Server

No known public exploits specifically target this vulnerability.


Contact Information

For any questions related to this report, please contact the CISA at:
Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

For industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics
or incident reporting: https://us-cert.cisa.gov/report

CISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we'd welcome your feedback.

Archestra License Manager Missing

September 5, 2007 – Charlotte, NC. Symbol Factory for ArchestrA brings over 4,000 vector graphic scalable objects in over 60 categories into the new InTouch 10 ArchestrA Symbol Editor. With vertical market symbols for chemical, building automation, finishing, mining, pulp & paper, process, water & wastewater, wire & cable and more, Symbol Factory for ArchestrA empowers users of InTouch 10 with animatable vector objects for use standalone or with other ArchestrA symbols and System Platform Application Objects for their business needs. Symbol Factory for ArchestrA also contains a range of pre-animated objects that InTouch 10 designers can use as is or as a basis for their own business specific solutions. Symbol Factory for ArchestrA is licensed on a per InTouch 10 development node basis with no licenses needed for distribution of the resulting ArchestrA symbols with InTouch 10 and System Platform solutions built by users, system integrators, and machinery OEMs. Customers can purchase Symbol Factory for ArchestrA from their local Wonderware representatives.“The Wonderware InTouch 10 system is an incredible advancement in HMI/Visualization technology. We’ve worked with Wonderware InTouch users for over 10 years and the ArchestrA Symbol Editor takes graphics creation to a new level of quality and reusability, especially when combined with Wonderware’s System Platform 3. Users who have seen Symbol Factory for ArchestrA during our pre-release reviews have said the library will allow them to more rapidly build InTouch 10 graphics that meet their needs and they will recoup their investment in Symbol Factory for ArchestrA in the first project they use it on. We appreciate Wonderware’s support of their 3rd party ISVs and expect we’ll be delivering even more tools for InTouch 10 in the coming months,“ said John Weber, President, Software Toolbox Inc.Keith Jones, Business Manager – HMI/Visualization at Wonderware adds, “We are very excited to have a prominent ISV such as Software Toolbox investing the InTouch 10 platform with their new Symbol Factory for ArchestrA product. We are confident our users will welcome the vertical markets focus and engineering productivity enhancement Symbol Factory for ArchestrA will add to the already powerful InTouch 10 ArchestrA Symbol Editor.” ABOUT SOFTWARE TOOLBOXSoftware Toolbox was founded in 1996 in Charlotte, NC and has helped over 7,000 users, integrators, and OEMs in 67 countries by providing software add-ins, development components, and software applications that enable them to maximize their industrial automation software results. Software Toolbox’s products add functionality, improve connectivity, enhance the engineering and user experience, reduce development time, and improve overall results with every major HMI/SCADA software application in the industry and enable Microsoft Visual Studio developers to access and visualize plant floor data. Software Toolbox also licenses numerous technologies to many major software suppliers in the automation industry to help them maximize the value they deliver to their clients. Software Toolbox has been an active member of the OPC Foundation and the Control System Integrators Association (CSIA) since 1997.

Archestra License Manager Download Software

License

Go to Software Toolbox Inc. website
Learn More