Vulnerability Name:

CVE-2012-3007 (CCN-76766)

Assigned: 2011-08-16
Published: 2011-08-16
Updated: 2012-08-14
Summary: Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 and WAS before 3.5, DASABCIP before 4.1 SP2, DASSiDirect before 3.0, DAServer Runtime Components before 3.0 SP2, and other products, allows remote attackers to cause a denial of service (daemon crash or hang) via a long Unicode string.
CVSS v3 Severity: 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
7.1 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2012-3007

Source: CCN
Type: Wonderware Web Site
SuiteLink

Source: CCN
Type: SA49173
Invensys Wonderware InTouch SuiteLink Service Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
49173

Source: CCN
Type: OSVDB ID: 81983
Invensys Wonderware InTouch slssvc.exe Packet Parsing Remote DoS

Source: BID
Type: UNKNOWN
53563

Source: CCN
Type: BID-53563
Wonderware SuiteLink Unallocated Unicode String Remote Denial of Service Vulnerability

Source: CCN
Type: ICSA-12-171-01
WONDERWARE SUITELINK UNALLOCATED UNICODE STRING VULNERABILITY

Source: MISC
Type: US Government Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdf

Source: XF
Type: UNKNOWN
wonderware-suitelink-slssvc-dos(76766)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:invensys:dasabcip:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:invensys:dasabcip:*:sp1:*:*:*:*:*:* (Version <= 4.1)
  • OR cpe:/a:invensys:daserver_runtime_components:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:invensys:daserver_runtime_components:*:sp1:*:*:*:*:*:* (Version <= 3.0)
  • OR cpe:/a:invensys:dassidirect:*:*:*:*:*:*:*:* (Version <= 2.0)
  • OR cpe:/a:invensys:intouch/wonderware_application_server:*:*:*:*:*:*:*:* (Version <= 10.0)
  • OR cpe:/a:invensys:wonderware_application_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:invensys:wonderware_application_server:3.0.200:sp2:*:*:*:*:*:*
  • OR cpe:/a:invensys:wonderware_application_server:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:invensys:wonderware_application_server:3.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:invensys:wonderware_application_server:*:sp2:*:*:*:*:*:* (Version <= 3.1)
  • OR cpe:/a:invensys:wonderware_application_server:3.1.201:sp2:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:invensys:wonderware_application_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:invensys:wonderware_application_server:3.0.200:sp2:*:*:*:*:*:*
  • OR cpe:/a:invensys:wonderware_application_server:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:invensys:wonderware_application_server:3.1.201:sp2:*:*:*:*:*:*
  • OR cpe:/a:invensys:wonderware_application_server:3.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:invensys:wonderware_application_server:3.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:invensys:dasabcip:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:invensys:daserver_runtime_components:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:invensys:daserver_runtime_components:3.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:invensys:dassidirect:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:invensys:dasabcip:4.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:invensys:intouch/wonderware_application_server:10.0:*:*:*:*:*:*:*
