Wonderware SuiteLink Unallocated Unicode String Vulnerability
Low RiskICS-CERT ICSA-12-171-01Mar 23, 2012
Summary
Wonderware SuiteLink (slssvc service) contains an unallocated Unicode string vulnerability that could allow remote code execution. The vulnerability affects all versions 54.x and earlier.
What this means
What could happen
An attacker could execute arbitrary code on systems running the Wonderware SuiteLink service, potentially disrupting plant operations, altering process control logic, or compromising historian and SCADA data integrity.
Who's at risk
Water authorities and electric utilities using Wonderware SuiteLink (slssvc) for industrial process control, SCADA monitoring, or historian data collection should assess this risk. Any facility relying on AVEVA products for real-time process visibility and control is affected.
How it could be exploited
An attacker with network access to the SuiteLink service port could send a specially crafted request containing a malformed Unicode string. This triggers a memory allocation error in the slssvc service, allowing code execution on the affected system.
Prerequisites
- Network access to Wonderware SuiteLink service port
- No authentication required
remotely exploitableno authentication requiredno patch available
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
ProductAffected VersionsFix Status
Wonderware slssvc service: <=54.x.x.x≤ 54.x.x.xNo fix (EOL)
Remediation & Mitigation
0/3
Do now
0/1WORKAROUNDContact AVEVA for technical guidance on compensating controls, as no vendor patch is available
Mitigations - no patch available
0/2Wonderware slssvc service: <=54.x.x.x has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement network segmentation to restrict access to the Wonderware SuiteLink service from only authorized engineering workstations and control systems
HARDENINGMonitor network traffic to and from Wonderware SuiteLink service ports for suspicious activity
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/b4f0054e-0eb7-47ff-bd76-eefc6459d4f0