The NCCIC has released an advisory regarding a vulnerability of an improper restriction of operations within the bounds of a memory buffer in AVEVA Wonderware License Server. The vulnerability affects Wonderware License Server v4.0.13100 and prior using the vulnerable Flexara Imgrd (Versions 11.13.1.1 and prior); only users with the Counted Licenses feature with “ArchestrAServer.lic” are affected. Successful exploitation of this vulnerability may result in remote code execution with administrative privileges. This vulnerability results from buffer overflows in lmgrd and vendor daemon in Flexera FlexNet Publisher that may allow remote attackers to execute arbitrary code via a crafted packet, resulting in remote code execution with administrator privileges. Currently there are no known public exploits; however, this vulnerability is remotely exploitable, and could be successfully exploited by an attacker with a low skill level. AVEVA has published Security Bulletin LFSEC00000129, and recommends affected users install update “Hotfix Wonderware License Server VU-485744” or later. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. NCCIC/ICS-CERT.