{"vuid":"VU#596268","idnumber":"596268","name":"Wonderware SuiteLink null pointer dereference","keywords":["Wonderware","SuiteLink","DoS","Denial of service","slssvc.exe","SCADA"],"overview":"A vulnerability in the way Wonderware SuiteLink handles malformed TCP packets could result in a denial of service.","clean_desc":"Wonderware SuiteLink is a protocol based on TCP/IP that runs as a service listening for connections on port 5413/tcp on Microsoft Windows operating systems. A vulnerability exists in the way the Wonderware SuiteLink Service slssvc.exe handles malformed TCP packets. According to Core Security Advisory CORE-2008-0129: Un-authenticated client programs connecting to the service can send a malformed packet that causes a memory allocation operation (a call to new() operator) to fail returning a NULL pointer. Due to a lack of error-checking for the result of the memory allocation operation, the program later tries to use the pointer as a destination for memory copy operation, triggering an access violation error and terminating the service. Note that this issue affects Wonderware SuiteLink prior to version 2.0 Patch 01. Exploit code for this vulnerability is publicly available.","impact":"A remote, unauthenticated attacker may be able to cause a denial-of-service condition.","resolution":"Apply an update\nThis issue is addressed in Wonderware SuiteLink Version 2.0 Patch 01. Wonderware SuiteLink customers should refer to Wonderware Tech Alert 106 and Wonderware Security Manual - Securing Industrial Control Systems for more details.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported in Core Security Advisory \nCORE-2008-0129","author":"This document was written by Chris Taschner.","public":["http://www.coresecurity.com/?action=item&id=2187","http://www.securityfocus.com/bid/28974","http://secunia.com/advisories/30063/","http://www.wonderware.com/support/mmi/comprehensive/kbcd/html/t002260.htm","http://www.wonderware.com/support/web/secure/downloads/download_serve.asp?id=2355&url=http://www.wonderware.com/support/mmi/registered/patchfixes/SL2.0P1.zip","http://www.wonderware.com/support/mmi/esupport/securitycentral/documents/BestPractices/WWSecGd041707","http://portal.wonderware.com/sites/securitycentral/default.aspx","http://www.milw0rm.com/exploits/6474"],"cveids":["CVE-2008-2005"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2008-05-06T15:37:37Z","publicdate":"2008-05-05T00:00:00Z","datefirstpublished":"2008-05-06T20:01:05Z","dateupdated":"2008-09-17T21:29:04Z","revision":15,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"11","cam_population":"3","cam_impact":"10","cam_easeofexploitation":"14","cam_attackeraccessrequired":"15","cam_scorecurrent":"3.07125","cam_scorecurrentwidelyknown":"3.661875","cam_scorecurrentwidelyknownexploited":"6.024375","ipprotocol":"tcp","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":3.07125,"vulnote":null}