TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Sielcosistemi
  • Winlog Pro
  • Winlog Lite

Configuration 1 [-]

OR cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.18:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.21:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.24:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.25:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.28:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.40:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.46:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.50:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.60:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.73:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.86:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.00:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.01:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.08:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.09:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.11:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.14:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.16:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:sielcosistemi:winlog_lite:*:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.00:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.03:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.04:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.06:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.09:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.10:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.12:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.13:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.14:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.18:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.21:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.24:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.25:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.28:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.40:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.46:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.50:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.60:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.73:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.86:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.00:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.01:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.08:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.09:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.11:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.14:*:*:*:*:*:*:*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.16:*:*:*:*:*:*:*
References
Link Resource
http://aluigi.org/adv/winlog_2-adv.txt Exploit
http://secunia.com/advisories/49395 Vendor Advisory
http://www.sielcosistemi.com/en/news/index.html?id=70
http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf US Government Resource
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:15:32

Updated: 2022-10-03T16:15:32

Reserved: 2022-10-03T00:00:00

Link: CVE-2012-4355

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2012-08-19T20:55:01.787

Modified: 2012-08-20T04:00:00.000

Link: CVE-2012-4355

JSON object: View

cve-icon Redhat Information

No data.

CWE