Denial of service hole in WonderWare SCADA systems
WonderWare is supplier of industrial automation and information software solutions. According to the company’s website [1]: “one third of the world’s plants run Wonderware software solutions. Having sold more than 500,000 software licenses in over 100,000 plants worldwide, Wonderware has customers in virtually every global industry - including Oil & Gas, Food & Beverage, Utilities, Pharmaceuticals, Electronics, Metals, Automotive and more”.
WonderWare offers software solutions in the areas of Production and Performance Management, and Geographical SCADA and Supervisory HMI (Human-Machine Interface). Several of these solutions running on Microsoft Windows Operating Systems use a common software component, the SuiteLink Service, to implement communications between components using a proprietary protocol over TCP/IP networks.
A vulnerability was found in Wonderware SuiteLink Service (slssvc.exe) that could allow an un-authenticated remote attacker with the ability to connect to the SuiteLink service TCP port to shutdown the service abnormally by sending a malformed packet. Exploitation of the vulnerability for remote code execution has not been proven, but it has not been eliminated as a potential scenario.