Info

Last Modified

about 1 month ago

Percent Complete

25%

Disclosure

May 06, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 25% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Description

(Description Provided by CVE) : The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unavailable
Disclosure: Vendor Verified, Coordinated Disclosure

Products

Unknown or Incomplete

References

CERT VU: 596268
Other Advisory URL: http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=2187
Vendor Specific Advisory URL: http://www.wonderware.com/support/mmi/comprehensive/kbcd/html/t002260.htm [ Auth Req'd ]
Secunia Advisory ID: 30063
CVE ID: 2008-2005 (see also: NVD)
News Article: http://www.heise-online.co.uk/news/Denial-of-service-hole-in-WonderWare-SCADA-sys ......

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

2008/05/08 17:42:26 | Scada Wonderware Vulnerability

from: Whithout Christ Bin Ich Nichts

Security watchers warn of a rare vulnerability involving software used to control industrial systems. A denial of service vulnerability in monitoring software from Invensys poses a severe risk to the factories and utilities running its Wonderware subsidiary’s InTouch SuiteLink application

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Products

References

Credit

Blogs

Comments