CVE-2008-2005
WonderWare SuiteLink 2.0 - Remote Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure.
El servicio SuiteLink Service (también conocido como slssvc.exe) en WonderWare SuiteLink anterior a 2.0 Patch 01, como el usado en WonderWare InTouch 8.0, permite a atacantes remotos provocar una denegación de servicio(referencia a puntero nulo y apagado de servicio) y posiblemente ejecutar código de su elección mediante un valor de longitud largo en un paquete Registration (registro) al puerto TCP 5413, que provoca un fallo de asignación de memoria.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-04-28 CVE Reserved
- 2008-05-06 CVE Published
- 2024-06-18 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/30063 | Third Party Advisory | |
| http://www.kb.cert.org/vuls/id/596268 | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/491623/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/28974 | Vdb Entry | |
| http://www.securitytracker.com/id?1019966 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42221 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/6474 | 2024-08-07 | |
| http://www.coresecurity.com/?action=item&id=2187 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wonderware Search vendor "Wonderware" | Intouch Search vendor "Wonderware" for product "Intouch" | 8.0 Search vendor "Wonderware" for product "Intouch" and version "8.0" | - |
Affected
| ||||||
| Wonderware Search vendor "Wonderware" | Suitelink Search vendor "Wonderware" for product "Suitelink" | 2.0 Search vendor "Wonderware" for product "Suitelink" and version "2.0" | - |
Affected
| ||||||