[ISN] Denial of service hole in WonderWare SCADA systems
InfoSec News
alerts at infosecnews.org
Thu May 8 02:01:42 CDT 2008
http://www.heise-online.co.uk/news/Denial-of-service-hole-in-WonderWare-SCADA-systems--/110681
Heise Online
7 May 2008
Core Security [1] has discovered a vulnerability in WonderWare [2]
industrial automation products that are used worldwide in power,
petrochemicals, food, utilities, pharmaceutical and engineering
industries. A component of its software for Windows allows attackers to
remotely crash WonderWare systems using crafted packets.
Under Windows, several WonderWare systems use the SuiteLink] service
(slssvc.exe) for inter-component communication via a proprietary
TCP/IP-based protocol. This service listens for incoming network traffic
on TCP port 5413. According to the Core Security advisory, the service
returns a null pointer during memory allocation when processing a
malformed registry packet with an excessively large length field. The
null pointer is later used as a target for a copy operation, resulting
in an access violation exception that makes the program crash. Core
Security does not rule out the possibility that the vulnerability could
also be exploited to inject and execute arbitrary code, but this has not
been demonstrated.
WonderWare has fixed the flaw with a software update. Administrators of
WonderWare systems are advised to download and install version 2.0 patch
01 of SuiteLink at their earliest convenience. The update is available
to registered users for download.
See also:
* Wonderware SuiteLink Denial of Service vulnerability, security
advisory by Core Security
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=2187
* Tech Alert 106, vulnerability report by WonderWare (registered
users only)
http://www.wonderware.com/support/mmi/comprehensive/kbcd/html/t002260.htm
[1] http://www.coresecurity.com/
[2] http://us.wonderware.com/
More information about the ISN
mailing list