News
[Security]| Thursday 8th May 2008 |
Computerised Supervisory Control And Data Acquisition (SCADA) systems are used to
control various machinery in factories and other industrial complexes. Around a third of these locations use the SuiteLink Service software from WonderWare, which has sold some 500,000 licences.
"A vulnerability was found in Wonderware SuiteLink Service (slssvc.exe) that could allow an un-authenticated remote attacker with the ability to connect to the SuiteLink service TCP port to
|
|
|
ADVERTISEMENT |
|
By sending a malicious packet to the TCP port of a system running SuiteLink Service an attacker can cause an access violation error, which would cause the system to shut down entirely.
"Due to a lack of error-checking for the result of the memory allocation operation, the program later tries to use the pointer as a destination for memory copy operation, triggering an access violation error and terminating the service," claims the Core Security advisory.
Wonderware, a division of Invensys, has posted a patch, which will prevent attacks using this approach once installed. However, it could be some time before all 500,000 users update their software.
"A potential denial of service issue on an insecure network which could have been instigated by a hostile internal user has been addressed in SuiteLink 2.0 Patch 01," explains a statement from Wonderware.
Submit to: Digg | Slashdot | Del.icio.us | Technorati
Exciting family game based on balance, calculated risk and cool nerve.
LEGO BIONICLE® Matoran: 8946 Photok
Taking crazy risks, Photok uses his twin power blades and rocket booster to prove he's as good as any Toa. Combine with 8687 Toa Pohatu too for twice ...
Risky Business - Lockere Geschfte [DVD]
