Lucene search

[email protected]CVE-2008-2005

HistoryMay 06, 2008 - 3:20 p.m.

CVE-2008-2005

2008-05-0615:20:00

CWE-399

[email protected]

web.nvd.nist.gov

security

vulnerability

suitelink

wonderware

denial of service

arbitrary code execution

cve-2008-2005

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.6 High

AI Score

Confidence

Low

0.854 High

EPSS

Percentile

98.6%

JSON

The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure.

Affected configurations

NVD

Node

wonderwareintouchMatch8.0

wonderwaresuitelinkMatch2.0

CPENameOperatorVersion
wonderware:intouchwonderware intoucheq8.0
wonderware:suitelinkwonderware suitelinkeq2.0

CPE	Name	Operator	Version
wonderware:intouch	wonderware intouch	eq	8.0
wonderware:suitelink	wonderware suitelink	eq	2.0

References

secunia.com/advisories/30063

www.coresecurity.com/?action=item&id=2187

www.kb.cert.org/vuls/id/596268

www.securityfocus.com/archive/1/491623/100/0/threaded

www.securityfocus.com/bid/28974

www.securitytracker.com/id?1019966

exchange.xforce.ibmcloud.com/vulnerabilities/42221

www.exploit-db.com/exploits/6474

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.6 High

AI Score

Confidence

Low

0.854 High

EPSS

Percentile

98.6%

JSON

Related for CVE-2008-2005

securityvulns2 prion1 seebug1 packetstorm1 cert1 cvelist1 nvd1