Description
Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 and WAS before 3.5, DASABCIP before 4.1 SP2, DASSiDirect before 3.0, DAServer Runtime Components before 3.0 SP2, and other products, allows remote attackers to cause a denial of service (daemon crash or hang) via a long Unicode string.
References (3)
Core 3
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49173
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53563
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdf
Scores
EPSS
0.0215
EPSS Percentile
80.0%
Details
CWE
CWE-119
Status
published
Products (11)
invensys/dasabcip
4.1
invensys/dasabcip
< 4.1
invensys/daserver_runtime_components
3.0
invensys/daserver_runtime_components
< 3.0
invensys/dassidirect
< 2.0
invensys/intouch\/wonderware_application_server
< 10.0
invensys/wonderware_application_server
3.0
invensys/wonderware_application_server
3.0.200 sp2
invensys/wonderware_application_server
3.1 (2 CPE variants)
invensys/wonderware_application_server
3.1.201 sp2
... and 1 more
Published
Jul 05, 2012
Tracked Since
Feb 18, 2026