Wonderware SuiteLink Vulnerability

Wednesday, May 16, 2012 @ 11:05 AM gHale

There is an unallocated Unicode string vulnerability with proof-of-concept (PoC) exploit code affecting the Invensys Wonderware SuiteLink (SL) service (slssvc), which is part of the System Platform software suite.

SuiteLink is a communications protocol used by Invensys Wonderware supervisory control and data acquisition/human-machine interface (SCADA/HMI) products.

The vulnerability allows an attacker to remotely crash older versions of the slssvc service by sending a long and unallocated Unicode string, according to this report, which was released without coordination with either the vendor or ICS-CERT.

Invensys has confirmed the vulnerability, reported by Luigi Auriemma, exists for certain versions of Wonderware InTouch and Wonderware Application Server (WAS) prior to the latest 2012 release. Invensys has identified mitigations for other products and prior versions.

“We appreciate it when anyone identifies software issues that may endanger the safety and well being of our customers and their systems,” said Ernest A. Rakaczky, program director – control system security at Invensys Operations Management. “Invensys’ goal within the security development lifecycle is to drive all the security hardening, testing, validation, and whatever else is necessary to prevent vulnerabilities such as this. We believe that in addressing a control system vulnerability it is imperative to work in close collaboration with researchers and the ICS-CERT team to ensure that the best possible mitigation is being developed, communicated and implemented. We are confident that we have a strong set of established procedures in place to update earlier versions of the SuiteLink Service to the current security-hardened release level.”

SuiteLink is a common component used for communication between Wonderware products. It can also carry communication between Wonderware products and some third-party products developed with Wonderware’s Extensibility Tool Kits. The Invensys Wonderware SuiteLink Service connects Wonderware software with third-party products and OPC-compliant devices and applications. Generally, when a user installs a Wonderware product, SuiteLink is likely installed with it as a common component.

The Invensys Wonderware SuiteLink component is used in many industries worldwide, including manufacturing, energy, food and beverage, chemical, and water and wastewater.

Invensys is working to release a standalone update tool that will provide an upgrade path for all products using the SuiteLink component. Customers that require immediate remediation can upgrade to the following product versions or install the following products to update SuiteLink and resolve this vulnerability on any affected node:
• InTouch/Wonderware Application Server (IT 10.5, WAS 3.5) or later,
• DASABCIP 4.1SP2 (the first product to ship a secured version of SuiteLink),
• DASSiDirect 3.0, and
• DASRTC 3.0SP2 or DASRTC 3.0SP3 upgrade for any DAServer or DIObject or third-party toolkit server.

Customers can access these updates at this Web site.
