16 May 2012
01 May 2013
Invensys Wonderware InTouch 10.x
DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
Luigi Auriemma has discovered a vulnerability in Invensys Wonderware InTouch, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the SuiteLink Service (slssvc.exe) when processing certain packets. This can be exploited to cause the service to crash via a specially crafted packet sent to TCP port 5413.
The vulnerability is confirmed in version 10.1.300 Build 0268 (slssvc.exe version 22.214.171.124) and reported in the SuiteLink Service versions 54.x.x.x and prior. Other versions may also be affected.
Update to the SuiteLink Service version 58 or later or install security update patch. Please see original advisory for more details.