ICSA-24-226-01 · Published 2024-08-13
AVEVA SuiteLink Server
CVSS 7.5 (HIGH)
Risk Summary
Successful exploitation of this vulnerability could allow an attacker to cause the server to consume excessive system resources, preventing processing of SuiteLink messages on the targeted host.
CVEs (1)
Remediations
- AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected product versions should apply security updates as soon as possible.
- All impacted products and affected versions can be fixed by installing SuiteLink v3.7.100.
- AVEVA recommends the following general defensive measures:
  - Apply host and/or network firewall rules restricting the SuiteLink server to accept traffic only from trusted source(s). By default, SuiteLink listens on port 5413.
- For more information, see AVEVA's Security Bulletin AVEVA-2024-007.
Affected Vendors
AVEVA
Affected Products (6)
- AVEVA · SuiteLink: <=3.7.0
- AVEVA · Historian: <=2023_R2_P01
- AVEVA · InTouch: <=2023_R2_P01
- AVEVA · Application Server: <=2023_R2_P01
- AVEVA · Communication Drivers Pack: <=2023_R2
- AVEVA · Batch Management: <=2023
Affected Sectors
Critical Manufacturing