Install Archestra License Manager

.ArchestrA.lic / wwsuite.lic. License Server Installation.License Manager needs Internet access at only activation time. License Manager will ask for a license file (.lic) to install. 2 Select the ArchestrA.lic license file and click OK. 3 Select the ArchestrAServer.lic license file and click OK. 4 Repeat the selection process for all available license files. 5 The Configure Named User/Device Licenses dialog box may or may not appear, depending on the license you.

1. EXECUTIVE SUMMARY

  • ATTENTION: Exploitable remotely/Low skill level to exploit
  • Vendor: AVEVA Software, LLC (AVEVA)
  • Equipment: Wonderware License Server
  • Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer

2. RISK EVALUATION

Successful exploitation of this vulnerability may result in remote code execution with administrative privileges.

3. TECHNICAL DETAILS

Install Archestra License Manager Job

3.1 AFFECTED PRODUCTS

The following versions of Wonderware License Server use the vulnerable Flexara Imgrd (Versions 11.13.1.1 and prior):

  • Wonderware License Server v4.0.13100 and prior.

Only users with the Counted Licenses feature with “ArchestrAServer.lic” in Wonderware License Server are affected.
Wonderware License Server is delivered by:

  • Wonderware Information Server 4.0 SP1 and prior, and
  • Historian Client 2014 R4 SP2 P02 and prior.

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119

Buffer overflows in lmgrd and vendor daemon in Flexera FlexNet Publisher may allow remote attackers to execute arbitrary code via a crafted packet, resulting in remote code execution with administrator privileges.

CVE-2015-8277 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Chemical, Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United Kingdom

3.4 RESEARCHER

An anonymous researcher reported this vulnerability to AVEVA, who then reported it to NCCIC.

Install Archestra License Manager

4. MITIGATIONS

AVEVA recommends affected users install update “Hotfix Wonderware License Server VU-485744” or later, which can be downloaded from:

https://softwaresupportsp.schneider-electric.com/#/producthub/details?id=5076 (login required)

AVEVA has published Security Bulletin LFSEC00000129. It can be found at the following location:

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Duties
  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Install archestra license manager job

Install Archestra License Manager Duties

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Manager

No known public exploits specifically target this vulnerability.


Contact Information

For any questions related to this report, please contact the CISA at:
Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

For industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics
or incident reporting: https://us-cert.cisa.gov/report

CISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.

Wonderware Archestra License Manager

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

Wonderware License Cost

We recently updated our anonymous product survey; we'd welcome your feedback.

Schneider Electric Licenses require license activation, a process whereby the authenticity of the license is verified against Wonderware license records via the Schneider Electric License Activation Server (SELAS) and the license is bound to the license server from which the activation was initiated.

License activation requires communication over the Internet with the Schneider Electric License Activation Server (SELAS). That communication can be either direct over the Internet (Online Activation) or indirect through a proxy computer (Offline Activation). This Tech Note describes the process of activating a Schneider Electric license using OFFLINE activation. For information on performing an ONLINE activation, please click here.

Install Archestra License Manager Salary

ACTION

Wonderware License Server

  1. When purchasing a license for a Wonderware product that uses Schneider Electric licensing, the deliverable that you will receive for your order will be an E-mail with multiple attachments – two PDF documents and a .zip archive. Select a machine to act as a License Server, then save and extract the .zip archive attachment to a location easily accessible from that server. The file extracted will be an XML file.
    Figure 1: Entitlement Email Received after Purchase
  2. When installing a product that uses the Schneider Electric licensing model, select to install the Schneider Electric Licensing components as well. In the below image, installation of the Schneider Electric Licensing components is an option accompanying install of the Alarm Adviser services. For simplicity, the demonstration given in this tech note assumes both the License Server and the License Manager are installed on the same machine. If desired, those components can be split across multiple machines. More information and installation instructions can be found here.
    Figure 2: Optional Install of Schneider Electric Licensing Components
  3. If you have installed the Schneider Electric License Server on the same computer as a WW software product that uses Schneider Electric licensing, a dialog will display prompting you to configure your software. If you did not install other Wonderware software and did not receive this prompt, continue to step 6. Otherwise, select Configure.
    Image 3: Call to Action to Configure
  4. The Configurator will open. Configure your software as instructed in the installation guide for that software. Also configure your Schneider Electric License Server by selecting the license server component in the left menu and clicking “Configure”.
    Figure 4: Configurator With Licensing Server Not Yet Configured
  5. When the Schneider Electric License Server has been properly configured, there will be a green check mark next to that component in the components list and the Configuration Messages area will indicate successful configuration.
    Figure 5: Configurator With License Server Configured
  6. Now your Schneider Electric License Server is ready for use. To activate licenses on your Schneider Electric License Server, you must open and use the Schneider Electric License Manager. The License Manager can be launched from Start > All Programs > Schneider Electric > Schneider Electric License Manager.
    Figure 6: All Programs Showing Schneider Electric License Manager
  7. On opening the License Manager to the Servers page you should see the local License Server listed. It will have the same name as the local computer. The License Manager is set, by default, to use Online Activation, which can be verified by the cloud icon in the top right corner. If there is a green check mark in the cloud, Online Activation is enabled. If there is a red X in the cloud, the License Manager is set for Offline Activation.
    Figure 7: License Server With Online Activation Enabled
    Figure 8: License Server With Offline Activation Enabled
  8. If the server is set for Online activation change the activation settings. Click the menu icon at top left to reveal the menu and then select Activation Settings.
    Figure 9: Accessing Activation Settings
  9. Under Activation Settings, select the Offline Activation option.
    Figure 10: Select Offline Activation
  10. Click the menu icon again and return to the Servers page.
    Figure 11: Return to Servers and Activation Area
  11. Click on the server box to go into the license activation area. Click on the Activate button to begin an Offline Activation.
    Figure 12: Begin Activation Process
  12. The License Activation panel will slide out from the right side of the screen. Click the ellipses button next to the Browse field, then browse to and select the Entitlement XML file that you received in Email (Step 1). As soon as you select the file, the Activation Codes included in the entitlement are loaded into the License Activation panel.
    Figure 13: Entitlement Loaded into Activation Panel
  13. Click on the box next to the license or licenses you wish to activate. A check mark will fill the box, indicating that the license has been selected.
    Figure 14: Selecting a License to Activate
  14. Click the Activate button at the bottom of the License Activation panel. For a moment the screen will get darker and there will be an animated progress circle in the middle of the screen.
    Figure 15: Activating the License


    Figure 16: Pause While License Is Marked as Pending Activation

  15. The license will then show in the License Manager with a status of “Pending Activation Request”. Additionally, the Offline Activation select menu will be highlighted yellow.
    Figure 17: License Pending Activation
  16. Click the down-arrow on the Offline Activation select menu and select Request Activation/Deactivation.
    Figure 18: Requesting Activation File
  17. Click Yes on the Confirmation dialog.
    Figure 19: Confirm Request
  18. You will be prompted to download a file. The file’s name begins with “send” and ends with the .sync extension. This is the send.sync file. Save this file to a flash drive or other portable media.
    Figure 20: Download Activation File Prompt
  19. Locate a computer that has an open connection to the Internet. Insert your portable media. Open a browser (IE, Chrome or Firefox) and navigate to URL http://licenseactivation.wonderware.com .
    Figure 21: Schneider Electric License Activation Website
  20. Click the Choose File button. Browse to the location of your portable media and select the send.sync file. Enter the Captcha text seen in the image, then click Upload File.
    Figure 22: Upload File
  21. After a short pause, you will be prompted to save a new file. The file name begins with “recv” and has the .sync extension. This is the recv.sync file. Save this file to your portable media.
    Figure 23: Download Activation File
  22. Return to the offline License Server machine. Insert your portable media.
  23. Launch the Schneider Electric License Manager. On the Offline Activation select menu, select Receive Activation/Deactivation.
    Figure 24: Entitlement Email Received after Purchase
  24. Browse to your portable media and select the recv.sync file. For a moment the screen will get darker and there will be an animated progress circle in the middle of the screen.
    Figure 25: Activation File Being Loaded and Processed
  25. The license is now successfully activated!
    Figure 26: Successfully Activated License