Sign-up

ID

VAR-201207-0299


CVE

CVE-2012-3847


TITLE

Invensys Wonderware SuiteLink Denial of service vulnerability

Trust: 0.8

sources: IVD: b181e088-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3547

DESCRIPTION

slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 and Wonderware Application Server 2012 allows remote attackers to cause a denial of service (resource consumption) via a long Unicode string, a different vulnerability than CVE-2012-3007. WonderWare is an industrial control and automation software. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Invensys Wonderware InTouch SuiteLink Service Denial of Service Vulnerability SECUNIA ADVISORY ID: SA49173 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49173/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49173 RELEASE DATE: 2012-05-16 DISCUSS ADVISORY: http://secunia.com/advisories/49173/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49173/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49173 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in Invensys Wonderware InTouch, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the SuiteLink Service (slssvc.exe) when processing certain packets. This can be exploited to cause the service to crash via a specially crafted packet sent to TCP port 5413. The vulnerability is confirmed in version 10.1.300 Build 0268 (slssvc.exe version 51.5.0.0). Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: Luigi Auriemma: http://aluigi.altervista.org/adv/suitelink_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2012-3847 // JVNDB: JVNDB-2012-003016 // CNVD: CNVD-2012-3547 // IVD: b181e088-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-57128 // PACKETSTORM: 112815

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: b181e088-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3547

AFFECTED PRODUCTS

vendor:invensysmodel:intouchscope:eqversion:2012

Trust: 3.0

vendor:invensysmodel:wonderware application serverscope:eqversion:2012

Trust: 3.0

vendor:intouchmodel: - scope:eqversion:2012

Trust: 0.2

vendor:wonderware application servermodel: - scope:eqversion:2012

Trust: 0.2

sources: IVD: b181e088-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3547 // JVNDB: JVNDB-2012-003016 // CNNVD: CNNVD-201207-050 // NVD: CVE-2012-3847

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3847
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3847
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201207-050
value: MEDIUM

Trust: 0.6

IVD: b181e088-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-57128
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-3847
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: b181e088-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-57128
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: b181e088-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-57128 // JVNDB: JVNDB-2012-003016 // CNNVD: CNNVD-201207-050 // NVD: CVE-2012-3847

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-57128 // JVNDB: JVNDB-2012-003016 // NVD: CVE-2012-3847

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-050

TYPE

Resource management error

Trust: 0.8

sources: IVD: b181e088-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201207-050

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003016

PATCH
title:SuiteLink Service (SLSSVC) Vulnerability (LFSEC 00000038 - UPDATED)url:http://iom.invensys.com/EN/pdfLibrary/Security_Bulletin_LFSEC00000038.pdf
Trust: 0.8
title:Top Pageurl:http://global.wonderware.com/
Trust: 0.8
title:Wonderware 日本のパートナーurl:http://global.wonderware.com/JP/Pages/JpPartnersSI.aspx
Trust: 0.8
title:Wonderware Top Pageurl:http://global.wonderware.com/JP/pages/default.aspx
Trust: 0.8
title:Patch for Invensys Wonderware SuiteLink Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/18633
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-3547 // 
            
            
            
            JVNDB: JVNDB-2012-003016

EXTERNAL IDS
db:NVDid:CVE-2012-3847
Trust: 3.3
db:ICS CERTid:ICSA-12-171-01
Trust: 3.1
db:SECUNIAid:49173
Trust: 1.2
db:CNNVDid:CNNVD-201207-050
Trust: 0.9
db:CNVDid:CNVD-2012-3547
Trust: 0.8
db:JVNDBid:JVNDB-2012-003016
Trust: 0.8
db:IVDid:B181E088-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-57128
Trust: 0.1
db:PACKETSTORMid:112815
Trust: 0.1
sources:
            
            
            IVD: b181e088-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2012-3547 // 
            
            
            
            VULHUB: VHN-57128 // 
            
            
            
            JVNDB: JVNDB-2012-003016 // 
            
            
            
            PACKETSTORM: 112815 // 
            
            
            
            CNNVD: CNNVD-201207-050 // 
            
            
            
            NVD: CVE-2012-3847

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-12-171-01.pdf
Trust: 3.1
url:http://secunia.com/advisories/49173
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3847
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3847
Trust: 0.8
url:http://secunia.com/psi_30_beta_launch
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=49173
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://aluigi.altervista.org/adv/suitelink_1-adv.txt
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/49173/#comments
Trust: 0.1
url:http://secunia.com/advisories/49173/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-3547 // 
            
            
            
            VULHUB: VHN-57128 // 
            
            
            
            JVNDB: JVNDB-2012-003016 // 
            
            
            
            PACKETSTORM: 112815 // 
            
            
            
            CNNVD: CNNVD-201207-050 // 
            
            
            
            NVD: CVE-2012-3847

CREDITS
Secunia
Trust: 0.1
sources:
            
            
            PACKETSTORM: 112815

SOURCES
db:IVDid:b181e088-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-3547
db:VULHUBid:VHN-57128
db:JVNDBid:JVNDB-2012-003016
db:PACKETSTORMid:112815
db:CNNVDid:CNNVD-201207-050
db:NVDid:CVE-2012-3847

LAST UPDATE DATE
2025-04-11T23:08:49.869000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-3547date:2012-07-09T00:00:00
db:VULHUBid:VHN-57128date:2012-08-14T00:00:00
db:JVNDBid:JVNDB-2012-003016date:2012-07-06T00:00:00
db:CNNVDid:CNNVD-201207-050date:2012-07-11T00:00:00
db:NVDid:CVE-2012-3847date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:b181e088-2353-11e6-abef-000c29c66e3ddate:2012-07-09T00:00:00
db:CNVDid:CNVD-2012-3547date:2012-07-09T00:00:00
db:VULHUBid:VHN-57128date:2012-07-05T00:00:00
db:JVNDBid:JVNDB-2012-003016date:2012-07-06T00:00:00
db:PACKETSTORMid:112815date:2012-05-17T11:19:10
db:CNNVDid:CNNVD-201207-050date:2012-07-06T00:00:00
db:NVDid:CVE-2012-3847date:2012-07-05T03:23:18.683