CVE-2008-2005

WonderWare SuiteLink <2.0 Patch 01 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2005. PoCs published by belay tows.

AI-analyzed exploit summary This exploit targets a denial of service vulnerability in Wonderware SuitLink by sending a malformed packet to port 5413. The packet includes a specific length value (0xBAADF00D) that triggers the DoS condition.

Description

The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure.

Exploits (1)

exploitdb WORKING POC VERIFIED

by belay tows · rubydoswindows

https://www.exploit-db.com/exploits/6474

View Code ZIP pw:eip

This exploit targets a denial of service vulnerability in Wonderware SuitLink by sending a malformed packet to port 5413. The packet includes a specific length value (0xBAADF00D) that triggers the DoS condition.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Wonderware SuitLink

No auth needed

Prerequisites: Network access to the target system on port 5413

MITRE ATT&CK