Homepage tabWindows tabGames tabDrivers tabMac tabLinux tabScripts buttonMobile tabHandheld tabGadgets tabNews tab


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home / News / Security / Advisories

Advisories

Wonderware SuiteLink's Denial of Reported Service Vulnerability

The report was issued on Monday in a CoreLabs Advisory

By Traian Teglet, Technology News Editor

8th of May 2008, 13:07 GMT

Adjust text size:


Wonderware is part of Invensys Group
Enlarge picture
Security researchers at Core Security Technologies have issued a warning statement on Monday according to which they found a rare vulnerability in Wonderware subsidiary's InTouch SuiteLink application. Wonderware, a business unit of Invensys, is a software manufacturer that offers solutions to business users in areas such as Production and Performance Management, Geographical SCADA and Supervisory HMI (Human-Machine Interface).

Core Security found the vulnerability in Wonderware SuiteLink Service and it is said that the flaw allows the interference of an unauthenticated remote control that could shutdown the service. This means that a hacker could breach the SCADA (Supervisory Control And Data Acquisition) application by connecting to a SuiteLink service TCP port. The vulnerability hasn't been proven to allow remote code execution but according to Core Security, a potential scenario hasn't been excluded.

According to the Security company, systems running WonderWare SuiteLink prior to version 2.0 Patch 01 are susceptible to the reported bug. While testing a system running WonderWare InTouch 8, Sebastian Muniz from the Exploit Writers Team, has discovered the above mentioned vulnerability. According to the American National Institute of Standards and Technology (NIST), the bug has been reported as being a high-risk one. Wonderware has made available to its registered customers a technical document addressing this issue.

With consumer and business software applications this sort of breaches are somewhat common. Bugs involving SCADA applications aren't that frequent, but they can cause a lot of damage. There are a number of security companies that try to develop protective software applications for SCADA systems.

According to Wonderware's website "one third of the world's plants run Wonderware software solutions.". A hacking attack that could make use of the discovered vulnerability will most certainly cause some serious damage on a worldwide scale. Wonderware customers still running systems using SuiteLink 2.0 Patch 01 should contact the company website for more information.

TAGS:

 bug | vulnerability | report | hack | industry
Read by 1,149 user(s) | Add comment | Link to this article TWEET THIS


Article rating:
Very Good (4.2/5) 5 vote(s)    

Subscribe to news | Print article | Send to friend

© Copyright 2001-2009 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Adobe Acrobat Reader and Professional Vulnerability Reported

BitDefender Antivirus 2008 Needs Updates

Malicious Behavior Threat Searching for Windows Stations

Ubuntu Weekly Report: 13th - 19th April, 2008

Norton Antivirus and Norton 360 Vulnerable - Patch Inside!

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 




Windows tabGames tabDrivers tabMac tabLinux tabScripts tabMobile tabHandheld tabGadgets tabNews tab

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2009 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive