In association with heise online

07 May 2008, 13:37

Denial of service hole in WonderWare SCADA systems

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Core Security has discovered a vulnerability in WonderWare industrial automation products that are used worldwide in power, petrochemicals, food, utilities, pharmaceutical and engineering industries. A component of its software for Windows allows attackers to remotely crash WonderWare systems using crafted packets.

Under Windows, several WonderWare systems use the SuiteLink] service (slssvc.exe) for inter-component communication via a proprietary TCP/IP-based protocol. This service listens for incoming network traffic on TCP port 5413. According to the Core Security advisory, the service returns a null pointer during memory allocation when processing a malformed registry packet with an excessively large length field. The null pointer is later used as a target for a copy operation, resulting in an access violation exception that makes the program crash. Core Security does not rule out the possibility that the vulnerability could also be exploited to inject and execute arbitrary code, but this has not been demonstrated.

WonderWare has fixed the flaw with a software update. Administrators of WonderWare systems are advised to download and install version 2.0 patch 01 of SuiteLink at their earliest convenience. The update is available to registered users for download.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit