[Ics-security] Fwd: Medium-[ICS-CERT] ICS-ALERT-12-136-01 - WonderWare SuiteLink Unallocated Unicode String

Kelly Mahoney mahoney at jlab.org
Wed May 16 12:05:13 EDT 2012 

Wonderware is one of the most popular SCADA/HMI products in the US.  It 
may be integrated in to turn-key systems like building management and 
machine controls.  As always, let me know if you are using 
Invensys/Wonderware products.

Thanks,

Kelly


-------- Original Message --------

ICS-CERT has released the following Alert to inform critical infrastructure and key resource (CIKR) asset owners and operators of recent and ongoing activity concerning increased risk to CIKR assets, particularly Internet accessible control systems.:

  ICS-ALERT-12-136-01 - WonderWare SuiteLink Unallocated Unicode String

  This Alert can be accessed at www.ics-cert.org or directly through the following links:

  http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-136-01.pdf

  Summary
  ICS-CERT is aware of a public report identifying an unallocated Unicode string vulnerability with proof‑of‑concept (PoC) exploit code that affects the Invensys Wonderware SuiteLink (SL) service (slssvc), which is part of the System Platform software suite. SuiteLink is a communications protocol used by Invensys Wonderware supervisory control and data acquisition/human-machine interface (SCADA/HMI) products. According to this report, the vulnerability allows an attacker to remotely crash older versions of the slssvc service by sending a long and unallocated Unicode string. This report was released by Luigi Auriemma without coordination with either the vendor or ICS‑CERT.
Invensys has confirmed that the vulnerability exists for certain versions of Wonderware InTouch and Wonderware Application Server (WAS) prior to the latest 2012 release. Invensys has identified mitigations for other products and prior versions.
The report included vulnerability details and PoC exploit code for the following vulnerability:
Vulnerability Type
Exploitable
Impact

Unallocated Unicode string
Can be remotely exploited
Denial of Service

This ICS-CERT alert provides early notice of the report and identifies baseline mitigations for reducing risks to these and other cybersecurity risks. ICS-CERT is currently working with the security researcher and Invensys regarding mitigations to resolve this issue.
SuiteLink is a common component used for communication between Wonderware products. It is also used for communication between Wonderware products and some third-party products developed with Wonderware’s Extensibility Tool Kits. The Invensys Wonderware SuiteLink Service connects Wonderware software with third-party products and OPC-compliant devices and applications. Generally, when a Wonderware product is installed, SuiteLink is likely also installed as a common component.
The Invensys Wonderware SuiteLink component is deployed in many industries worldwide, including manufacturing, energy, food and beverage, chemical, and water and wastewater.

  ICS-CERT Operations Center
  1-877-776-7585
  www.ics-cert.org
  ics-cert at dhs.gov


-------------- next part --------------
A non-text attachment was scrubbed...
Name: mahoney.vcf
Type: text/x-vcard
Size: 203 bytes
Desc: not available
Url : https://mailman.jlab.org/pipermail/ics-security/attachments/20120516/446a5557/attachment.vcf

More information about the ICS-Security mailing list