High-Risk Vulnerability in Wonderware Industrial Software
Core Security Technologies issued an advisory on May 5, 2008 to warn against a rare security hole in software, which is used to direct industrial systems. Invensys' monitoring software, which has a denial-of-service flaw, entails a high risk for utilities and factories using its Wonderware subsidiary's InTouch SuiteLink application.
According to researchers at Core Security, the security bug implies that hackers, who succeed in establishing a connection with the SuiteLink service TCP port, could cripple it by transmitting a corrupt packet. Also, it is not clear whether the bug creates a way for computer hackers to install a malicious code onto vulnerable systems. SuiteLink Service lets components employing an ownership protocol to communicate over TCP/IP networks.
» SPAMfighter News - 13-05-2008