AVEVA SuiteLink Server

Plan PatchCVSS 7.5ICS-CERT ICSA-24-226-01Aug 13, 2024

AVEVA

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A resource exhaustion vulnerability in AVEVA SuiteLink Server (CWE-770) allows an unauthenticated attacker to send crafted network messages to the SuiteLink server, causing it to consume excessive system resources (CPU, memory) and stop processing SuiteLink messages. This prevents real-time data exchange between SCADA/HMI applications and control devices. The vulnerability affects SuiteLink versions 3.7.0 and earlier, and related AVEVA products (Historian, InTouch, Application Server, Communication Drivers Pack, Batch Management) when running affected versions through 2023 R2.

What this means

What could happen

An attacker can cause the SuiteLink server to exhaust system resources and stop processing messages, disrupting real-time data exchange between control systems and supervisory applications in your plant.

Who's at risk

Any organization using AVEVA SuiteLink, Historian, InTouch, Application Server, Communication Drivers Pack, or Batch Management for real-time process monitoring, data logging, and supervisory control. This affects manufacturing plants, utilities, and refineries that rely on AVEVA HMI and historians to monitor and coordinate industrial processes.

How it could be exploited

An unauthenticated attacker on the network sends crafted messages to port 5413 (SuiteLink's default listening port) that trigger excessive resource consumption on the server. No authentication or special configuration is required—the attacker only needs network reachability to the SuiteLink server.

Prerequisites

Network access to SuiteLink server on port 5413 (default)
SuiteLink must be reachable from the attacker's network segment
No authentication required

remotely exploitableno authentication requiredlow complexityaffects supervisory/data collection systems

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (6)

6 with fix

ProductAffected VersionsFix Status

InTouch: <=2023_R2_P01≤ 2023 R2 P012023_R2_P02+

SuiteLink: <=3.7.0≤ 3.7.03.7.100

Historian: <=2023_R2_P01≤ 2023 R2 P012023_R2_P02+

Application Server: <=2023_R2_P01≤ 2023 R2 P012023_R2_P02+

Communication Drivers Pack: <=2023_R2≤ 2023 R22023_R2_P01+

Batch Management: <=2023≤ 20232023_R2+

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict inbound access to SuiteLink port 5413 using host or network firewall rules—allow traffic only from known and trusted engineering workstations and control system devices

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXApply SuiteLink firmware update to v3.7.100 or later

Long-term hardening

0/2

HARDENINGIsolate SuiteLink server and connected control networks from the business network using network segmentation or a DMZ

HARDENINGEnsure SuiteLink server is not directly accessible from the internet or untrusted networks

CVEs (1)

CVE-2024-7113

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7f1113da-f3e0-48e0-92df-2bdd7ec36397

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.