Wonderware SuiteLink Denial of Service Vulnerability
Sebastian Muniz from Core Security Technologies discovered a denial of service vulnerability in the Wonderware SuiteLink service that was made public today. Here are some links:
National Vulnerability Database
Wonderware Tech Alert (login required)
This SuiteLink vulnerability affects the same version of Wonderware InTouch that had the NetDDE problem. When we presented the NetDDE vulnerability at S4 2008 back in January, we actually listed the SuiteLink service as a potential threat in our threat model. Little did we know that Muniz was actively discovering and researching that very issue.
Some of the same topics we addressed with the NetDDE problem still apply — yes, this is old software but the life cycle for these systems is long and, with a product as widely used as Wonderware InTouch, you know there are many vulnerable systems out there. This was corroborated by the number of S4 attendees who confessed to having InTouch 8.0 installed on their laptops. That said, if an attacker is in a position to exploit the NetDDE or SuiteLink vulnerabilities, in most production environments there has already been a serious breach of network security.
This will likely re-ignite the debate over the disclosure process for control system application vulnerabilities. For the record, this is Digital Bond’s policy.
Stay tuned for a full technical write-up in the SCADApedia Vulnerability Notes.
Author: Jason Holcomb
Posted: May 6th, 2008 under SCADA Vendor, Vulnerability Disclosure.
Comments: 1
Comments
Comment from cnioperator
Time: May 8, 2008, 11:45 am
thanks to CORE