CVE-2008-2005

Name of the Vulnerable Software and Affected Versions WonderWare SuiteLink versions prior to 2.0 Patch 01 WonderWare InTouch version 8.0

Description The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413. This causes a memory allocation failure, resulting in a NULL pointer dereference and service shutdown.

Recommendations For WonderWare SuiteLink versions prior to 2.0 Patch 01, apply Patch 01 to resolve the issue. For WonderWare InTouch version 8.0, ensure that the underlying SuiteLink Service is updated to a version that includes the fix, such as SuiteLink 2.0 Patch 01.