5 - VU#596268

Executive Summary

Summary
Title	Wonderware SuiteLink null pointer dereference

Informations
Name	VU#596268	First vendor Publication	2008-05-06
Vendor	VU-CERT	Last vendor Modification	2008-05-23
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#596268

Wonderware SuiteLink null pointer dereference

Overview

A vulnerability in the way Wonderware SuiteLink handles malformed TCP packets could result in a denial of service.

I. Description

Wonderware SuiteLink is a protocol based on TCP/IP that runs as a service listening for connections on port 5413/tcp on Microsoft Windows operating systems. A vulnerability exists in the way the Wonderware SuiteLink Service slssvc.exe handles malformed TCP packets. According to Core Security Advisory CORE-2008-0129:

Un-authenticated client programs connecting to the service can send a malformed packet that causes a memory allocation operation (a call to new() operator) to fail returning a NULL pointer. Due to a lack of error-checking for the result of the memory allocation operation, the program later tries to use the pointer as a destination for memory copy operation, triggering an access violation error and terminating the service.

Note that this issue affects Wonderware SuiteLink prior to version 2.0 Patch 01.

II. Impact

A remote, unauthenticated attacker may be able to cause a denial-of-service condition.

III. Solution

Apply an update

This issue is addressed in Wonderware SuiteLink Version 2.0 Patch 01. Wonderware SuiteLink customers should refer to Wonderware Tech Alert 106 and Wonderware Security Manual - Securing Industrial Control Systems for more details.

Systems Affected

Vendor	Status	Date Updated
Invensys	Vulnerable	23-May-2008
Wonderware	Vulnerable	23-May-2008

References

http://www.coresecurity.com/?action=item&id=2187
http://www.securityfocus.com/bid/28974
http://secunia.com/advisories/30063/
http://www.wonderware.com/support/mmi/comprehensive/kbcd/html/t002260.htm
http://www.wonderware.com/support/web/secure/downloads/download_serve.asp?id=2355&url=http://www.wonderware.com/support/mmi/registered/patchfixes/SL2.0P1.zip
http://www.wonderware.com/support/mmi/esupport/securitycentral/documents/BestPractices/WWSecGd041707
http://portal.wonderware.com/sites/securitycentral/default.aspx

Credit

This vulnerability was reported in Core Security Advisory CORE-2008-0129.

This document was written by Chris Taschner.

Other Information

Date Public	05/05/2008
Date First Published	05/06/2008 04:01:06 PM
Date Last Updated	05/23/2008
CERT Advisory
CVE Name	CVE-2008-2005
US-CERT Technical Alerts
Metric	3.07
Document Revision	13

Original Source

Url : http://www.kb.cert.org/vuls/id/596268

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

CPE : Common Platform Enumeration

Type	Description	Count
Application	Wonderware Intouch cpe:2.3:a:wonderware:intouch:8.0:::::::*	1
Application	Wonderware Suitelink cpe:2.3:a:wonderware:suitelink:2.0:::::::*	1

Open Source Vulnerability Database (OSVDB)

Id	Description
44801	Invensys Wonderware SuiteLink Service (slssvc.exe) Crafted Registration Packe...

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	2
osvdb(s)	1

	Related
5	CVE-2008-2005
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)