Vulnerability Note VU#596268

Wonderware SuiteLink null pointer dereference

Original Release date: 06 May 2008 | Last revised: 17 Sep 2008


A vulnerability in the way Wonderware SuiteLink handles malformed TCP packets could result in a denial of service.


Wonderware SuiteLink is a protocol based on TCP/IP that runs as a service listening for connections on port 5413/tcp on Microsoft Windows operating systems. A vulnerability exists in the way the Wonderware SuiteLink Service slssvc.exe handles malformed TCP packets. According to Core Security Advisory CORE-2008-0129:

    Un-authenticated client programs connecting to the service can send a malformed packet that causes a memory allocation operation (a call to new() operator) to fail returning a NULL pointer. Due to a lack of error-checking for the result of the memory allocation operation, the program later tries to use the pointer as a destination for memory copy operation, triggering an access violation error and terminating the service.

Note that this issue affects Wonderware SuiteLink prior to version 2.0 Patch 01. Exploit code for this vulnerability is publicly available.


A remote, unauthenticated attacker may be able to cause a denial-of-service condition.


Apply an update
This issue is addressed in Wonderware SuiteLink Version 2.0 Patch 01. Wonderware SuiteLink customers should refer to Wonderware Tech Alert 106 and Wonderware Security Manual - Securing Industrial Control Systems for more details.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Invensys Affected06 May 200823 May 2008
WonderwareAffected06 May 200823 May 2008
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was reported in Core Security Advisory CORE-2008-0129.

This document was written by Chris Taschner.

Other Information

  • CVE IDs: CVE-2008-2005
  • Date Public: 05 May 2008
  • Date First Published: 06 May 2008
  • Date Last Updated: 17 Sep 2008
  • Severity Metric: 3.07
  • Document Revision: 14


If you have feedback, comments, or additional information about this vulnerability, please send us email.