This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Wonderware First view 2007-11-19
Product Intouch Last view 2008-05-06
Version 8.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:wonderware:intouch

Activity : Overall

Related : CVE

  Date Alert Description
5 2008-05-06 CVE-2008-2005

The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure.

9 2007-11-19 CVE-2007-6033

Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-399 Resource Management Errors
50% (1) CWE-264 Permissions, Privileges, and Access Controls

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-61 Session Fixation
CAPEC-62 Cross Site Request Forgery (aka Session Riding)
CAPEC-122 Exploitation of Authorization
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-232 Exploitation of Privilege/Trust
CAPEC-234 Hijacking a privileged process

Open Source Vulnerability Database (OSVDB)

id Description
44801 Invensys Wonderware SuiteLink Service (slssvc.exe) Crafted Registration Packe...
42398 Invensys Wonderware InTouch NetDDE Share Permission Weakness Remote Privilege...