Invensys Wonderware InTouch SuiteLink Service Denial of Service Vulnerability

Secunia ID	SA49173
CVE-ID	CVE-2012-3007, CVE-2012-3847
Release Date	16 May 2012
Last Change	01 May 2013
Criticality	Less Critical
Solution Status	Vendor Patch
Software	Invensys Wonderware InTouch 10.x
Where	From local network
Impact	DoS (Denial of Service) This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
Description	Luigi Auriemma has discovered a vulnerability in Invensys Wonderware InTouch, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the SuiteLink Service (slssvc.exe) when processing certain packets. This can be exploited to cause the service to crash via a specially crafted packet sent to TCP port 5413. The vulnerability is confirmed in version 10.1.300 Build 0268 (slssvc.exe version 51.5.0.0) and reported in the SuiteLink Service versions 54.x.x.x and prior. Other versions may also be affected.
Solution	Update to the SuiteLink Service version 58 or later or install security update patch. Please see original advisory for more details. https://wdn.wonderware.com/sites/WDN/Pages/Downloads/Software.aspx
Reported by	Luigi Auriemma.
Original Advisory	Luigi Auriemma: http://aluigi.altervista.org/adv/suitelink_1-adv.txt ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdf http://ics-cert.us-cert.gov/alerts/ICS-ALERT-12-136-01

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.