Details of VAR-201207-0134

ID

VAR-201207-0134

CVE

CVE-2012-3007

TITLE

Wonderware SuiteLink Unallocated Unicode String Remote Denial of Service Vulnerability

Trust: 0.9

sources: BID: 53563 // CNNVD: CNNVD-201210-849

DESCRIPTION

Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 and WAS before 3.5, DASABCIP before 4.1 SP2, DASSiDirect before 3.0, DAServer Runtime Components before 3.0 SP2, and other products, allows remote attackers to cause a denial of service (daemon crash or hang) via a long Unicode string. WonderWare is an industrial control and automation software. Wonderware SuiteLink is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. These products are as follows: InTouch/Wonderware Application Server IT pre-10.5 and WAS pre-3.5, DASABCIP pre-4.1 SP2, DASSiDirect pre-3.0, DAServer Runtime Components pre-3.0 SP2 and others. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Invensys Wonderware InTouch SuiteLink Service Denial of Service Vulnerability SECUNIA ADVISORY ID: SA49173 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49173/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49173 RELEASE DATE: 2012-05-16 DISCUSS ADVISORY: http://secunia.com/advisories/49173/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49173/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49173 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in Invensys Wonderware InTouch, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the SuiteLink Service (slssvc.exe) when processing certain packets. This can be exploited to cause the service to crash via a specially crafted packet sent to TCP port 5413. The vulnerability is confirmed in version 10.1.300 Build 0268 (slssvc.exe version 51.5.0.0). Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: Luigi Auriemma: http://aluigi.altervista.org/adv/suitelink_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2012-3007 // JVNDB: JVNDB-2012-003015 // CNVD: CNVD-2012-3548 // BID: 53563 // IVD: b1884d1a-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56288 // PACKETSTORM: 112815

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: b1884d1a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3548

AFFECTED PRODUCTS

vendor:	invensys	model:	dasabcip	scope:	eq	version:	4.1	Trust: 1.6
vendor:	invensys	model:	wonderware application server	scope:	eq	version:	3.0	Trust: 1.6
vendor:	invensys	model:	daserver runtime components	scope:	eq	version:	3.0	Trust: 1.6
vendor:	invensys	model:	wonderware application server	scope:	eq	version:	3.1.201	Trust: 1.6
vendor:	invensys	model:	wonderware application server	scope:	eq	version:	3.1	Trust: 1.6
vendor:	invensys	model:	dasabcip	scope:	lte	version:	4.1	Trust: 1.0
vendor:	invensys	model:	wonderware application server	scope:	lte	version:	3.1	Trust: 1.0
vendor:	invensys	model:	intouch\/wonderware application server	scope:	lte	version:	10.0	Trust: 1.0
vendor:	invensys	model:	wonderware application server	scope:	eq	version:	3.0.200	Trust: 1.0
vendor:	invensys	model:	daserver runtime components	scope:	lte	version:	3.0	Trust: 1.0
vendor:	invensys	model:	dassidirect	scope:	lte	version:	2.0	Trust: 1.0
vendor:	invensys	model:	dasabcip	scope:	lt	version:	4.1 sp2	Trust: 0.8
vendor:	invensys	model:	daserver runtime component	scope:	lt	version:	3.0 sp2	Trust: 0.8
vendor:	invensys	model:	dassidirect	scope:	lt	version:	3.0	Trust: 0.8
vendor:	invensys	model:	intouch	scope:	lt	version:	10.5	Trust: 0.8
vendor:	invensys	model:	wonderware application server	scope:	lt	version:	3.5	Trust: 0.8
vendor:	invensys	model:	intouch	scope:	eq	version:	2012	Trust: 0.6
vendor:	invensys	model:	wonderware application server	scope:	eq	version:	2012	Trust: 0.6
vendor:	invensys	model:	intouch\/wonderware application server	scope:	eq	version:	10.0	Trust: 0.6
vendor:	invensys	model:	dassidirect	scope:	eq	version:	2.0	Trust: 0.6
vendor:	wonderware application server	model:	-	scope:	eq	version:	3.1	Trust: 0.4
vendor:	wonderware	model:	intouch	scope:	eq	version:	7.11	Trust: 0.3
vendor:	wonderware	model:	intouch	scope:	eq	version:	9.5	Trust: 0.3
vendor:	wonderware	model:	intouch	scope:	eq	version:	8.0	Trust: 0.3
vendor:	wonderware	model:	intouch	scope:	ne	version:	10.5	Trust: 0.3
vendor:	dasabcip	model:	-	scope:	eq	version:	4.1	Trust: 0.2
vendor:	dasabcip	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	daserver runtime components	model:	-	scope:	eq	version:	3.0	Trust: 0.2
vendor:	daserver runtime components	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	dassidirect	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	intouch wonderware application server	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	wonderware application server	model:	-	scope:	eq	version:	3.0	Trust: 0.2
vendor:	wonderware application server	model:	-	scope:	eq	version:	3.0.200	Trust: 0.2
vendor:	wonderware application server	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	wonderware application server	model:	-	scope:	eq	version:	3.1.201	Trust: 0.2

sources: IVD: b1884d1a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3548 // BID: 53563 // JVNDB: JVNDB-2012-003015 // CNNVD: CNNVD-201207-049 // NVD: CVE-2012-3007

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3007
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3007
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201207-049
value:	MEDIUM
Trust: 0.6
IVD:	b1884d1a-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-56288
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3007
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	b1884d1a-2353-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-56288
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: b1884d1a-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56288 // JVNDB: JVNDB-2012-003015 // CNNVD: CNNVD-201207-049 // NVD: CVE-2012-3007

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-56288 // JVNDB: JVNDB-2012-003015 // NVD: CVE-2012-3007

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201210-849 // CNNVD: CNNVD-201207-049

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: b1884d1a-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201207-049

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003015

PATCH

title:	SuiteLink Service (SLSSVC) Vulnerability (LFSEC 00000038 - UPDATED)	url:	http://iom.invensys.com/EN/pdfLibrary/Security_Bulletin_LFSEC00000038.pdf	Trust: 0.8
title:	Top Page	url:	http://global.wonderware.com/	Trust: 0.8
title:	Wonderware 日本のパートナー	url:	http://global.wonderware.com/JP/Pages/JpPartnersSI.aspx	Trust: 0.8
title:	Wonderware Top Page	url:	http://global.wonderware.com/JP/pages/default.aspx	Trust: 0.8
title:	Patch for Invensys Wonderware SuiteLink Stack Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/18634	Trust: 0.6

sources: CNVD: CNVD-2012-3548 // JVNDB: JVNDB-2012-003015

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3007	Trust: 3.6
db:	ICS CERT	id:	ICSA-12-171-01	Trust: 3.1
db:	BID	id:	53563	Trust: 2.0
db:	SECUNIA	id:	49173	Trust: 1.2
db:	CNNVD	id:	CNNVD-201207-049	Trust: 0.9
db:	CNVD	id:	CNVD-2012-3548	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-003015	Trust: 0.8
db:	CNNVD	id:	CNNVD-201210-849	Trust: 0.6
db:	ICS CERT ALERT	id:	ICS-ALERT-12-136-01	Trust: 0.3
db:	IVD	id:	B1884D1A-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-56288	Trust: 0.1
db:	PACKETSTORM	id:	112815	Trust: 0.1

sources: IVD: b1884d1a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3548 // VULHUB: VHN-56288 // BID: 53563 // JVNDB: JVNDB-2012-003015 // PACKETSTORM: 112815 // CNNVD: CNNVD-201210-849 // CNNVD: CNNVD-201207-049 // NVD: CVE-2012-3007

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-171-01.pdf	Trust: 3.1
url:	http://www.securityfocus.com/bid/53563	Trust: 1.7
url:	http://secunia.com/advisories/49173	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3007	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3007	Trust: 0.8
url:	http://aluigi.altervista.org/adv/suitelink_1-adv.txt	Trust: 0.4
url:	http://global.wonderware.com/en/pages/default.aspx	Trust: 0.3
url:	http://www.us-cert.gov/control_systems/pdf/ics-alert-12-136-01.pdf	Trust: 0.3
url:	http://secunia.com/psi_30_beta_launch	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=49173	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/49173/#comments	Trust: 0.1
url:	http://secunia.com/advisories/49173/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2012-3548 // VULHUB: VHN-56288 // BID: 53563 // JVNDB: JVNDB-2012-003015 // PACKETSTORM: 112815 // CNNVD: CNNVD-201210-849 // CNNVD: CNNVD-201207-049 // NVD: CVE-2012-3007

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 53563 // CNNVD: CNNVD-201210-849

SOURCES

db:	IVD	id:	b1884d1a-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-3548
db:	VULHUB	id:	VHN-56288
db:	BID	id:	53563
db:	JVNDB	id:	JVNDB-2012-003015
db:	PACKETSTORM	id:	112815
db:	CNNVD	id:	CNNVD-201210-849
db:	CNNVD	id:	CNNVD-201207-049
db:	NVD	id:	CVE-2012-3007

LAST UPDATE DATE

2025-04-11T23:08:49.908000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-3548	date:	2012-07-09T00:00:00
db:	VULHUB	id:	VHN-56288	date:	2012-08-14T00:00:00
db:	BID	id:	53563	date:	2015-03-19T09:08:00
db:	JVNDB	id:	JVNDB-2012-003015	date:	2012-07-06T00:00:00
db:	CNNVD	id:	CNNVD-201210-849	date:	2012-11-02T00:00:00
db:	CNNVD	id:	CNNVD-201207-049	date:	2012-07-11T00:00:00
db:	NVD	id:	CVE-2012-3007	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	b1884d1a-2353-11e6-abef-000c29c66e3d	date:	2012-07-09T00:00:00
db:	CNVD	id:	CNVD-2012-3548	date:	2012-07-09T00:00:00
db:	VULHUB	id:	VHN-56288	date:	2012-07-05T00:00:00
db:	BID	id:	53563	date:	2012-05-15T00:00:00
db:	JVNDB	id:	JVNDB-2012-003015	date:	2012-07-06T00:00:00
db:	PACKETSTORM	id:	112815	date:	2012-05-17T11:19:10
db:	CNNVD	id:	CNNVD-201210-849	date:	2012-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201207-049	date:	2012-07-06T00:00:00
db:	NVD	id:	CVE-2012-3007	date:	2012-07-05T03:23:18.637