Tech Alert 106
SuiteLink® Security Vulnerability

All Tech Notes and KBCD documents and software are provided "as is" without warranty of any kind. See the Terms of Use for more information.

Topic#: 002260
Created: March 2008
Updated: May 20, 2008

Issue

3rd party security experts have tested the SuiteLink communication layer in Wonderware® software and identified a security issue. This issue can create Denial of Service in certain cases. This Denial of Service results when rogue applications intentionally send corrupted data to a remote node.

Please keep in mind that the issue will only occur if a rogue application is intentionally attempting to cause this problem.

Application Versions

• SuiteLink is a common component utilized for communication between Wonderware Products. It is also used for communication between Wonderware products and some 3rd party products developed with our Extensibility Tool Kits. If you have a Wonderware Product installed, SuiteLink was likely installed along with it as a Common Component.

How Do I Tell if I Have SuiteLink Installed?

SuiteLink is a service that starts automatically when your computer boots up. One method to tell if you have SuiteLink installed is to check your Windows Task Manager for the following program – slssvc.exe.

Figure 1: Task Manager Showing slssvc.exe Process

You can also use the slsping command to determine if SuiteLink is running on a remote node.

1. Open the command prompt and type slsping <hostname> <ApplicationName>.
   • <hostname> is the name of the node and
   • <ApplicationName> is the name of any WW application installed in the node.

If the response from the command shows: Reached WW directory Service (SLSSVC) … or SUCCESS! <ApplicationName> speaks SuiteLink…, it indicates that SuiteLink is installed on the node and the patch should be applied.


Figure 2: slsping to Identify SuiteLink on a Remote Node

How Do I Tell What Version of SuiteLink I have?

• You can do a File Search for slssvc.exe and check the file date. If SuiteLink 2.0 Patch 01 has been installed, the file date for slssvc.exe is 4/24/2008 5:18PM. Any date older than this means you must install the patch.

Figure 3: Check the slssvc.exe File Date

• Alternatively, open the Add/Remove programs window and locate the SuiteLink 2.0 Patch 1 entry. If this entry exists the patch is already installed.

Vulnerability Scope

It is possible to create a software application which will send corrupted data across the network and cause the SuiteLink service on a remote node to stop running. This causes the SuiteLink service to exhibit the access denied/Denial of Service error.

The SuiteLink service can be restarted manually or by scripting.

Further Information and Recommended Action

Wonderware has addressed this issue in SuiteLink 2.0 Patch 01. Download and apply the Patch immediately.

Click the following icon to view this file in .pdf format:

K. Kasajian, B. Pulfer

Tech Notes are published occasionally by Wonderware Technical Support. Publisher: Invensys Systems, Inc., 26561 Rancho Parkway South, Lake Forest, CA 92630.  There is also technical information on our software products at www.wonderware.com/support/mmi

Back to top