PT-2008-3526 · Wonderware · Wonderware Intouch+1

Belay Tows

Published

2008-05-06

Updated

2018-10-11

CVE-2008-2005

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions WonderWare SuiteLink versions prior to 2.0 Patch 01 WonderWare InTouch version 8.0

Description The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413. This causes a memory allocation failure, resulting in a NULL pointer dereference and service shutdown.

Recommendations For WonderWare SuiteLink versions prior to 2.0 Patch 01, apply Patch 01 to resolve the issue. For WonderWare InTouch version 8.0, ensure that the underlying SuiteLink Service is updated to a version that includes the fix, such as SuiteLink 2.0 Patch 01.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2008-2005

Affected Products

Wonderware Intouch

Wonderware Suitelink

PT-2008-3526 · Wonderware · Wonderware Intouch+1

CVE-2008-2005

Weakness Enumeration

Related Identifiers

Affected Products

References · 9