Flaw found in power-plant software

A vulnerability found in Wonderware SuiteLink could open a third of the world's industrial plants to a potential denial-of-service attack
Written by Tom Espiner, Contributor

A hole has been found in software used by critical national infrastructure organisations including oil, gas and power companies that could lead to a successful denial-of-service attack.

The vulnerability is in a protocol used in versions of SuiteLink by Wonderware running on Microsoft Windows. The software is used to communicate between components in Supervisory Control and Data Acquisition (Scada) systems. The protocol is proprietary, and used over TCP/IP networks.

The flaw in the Wonderware SuiteLink Service, as reported by security researcher Sebastian Muniz  from Core Security Technologies, means unauthenticated client programs connecting to the SuiteLink Service prior to version 2.0 patch 1 can send a malformed packet that causes a memory allocation operation to fail, returning a null pointer.

Due to a lack of error-checking for the result of the memory allocation operation, the program later tries to use the pointer as a destination for memory copy operation, triggering an access violation error and terminating the service, reported Core Security.

The flaw is remotely exploitable, according to the Core Secure Technologies researcher. According to the Wonderware site: "One-third of the world's plants run Wonderware software solutions. Wonderware has sold over 450,000 software licences in approximately 100,000 plants worldwide, which is 33 percent of the world's 305,544 plants with 20 or more employees."

Software updates and advice on how to secure systems are available from the Wonderware website, and users must register on the site to view the advisory.

Editorial standards