Lucene search
MitreCVE-2012-4358HistoryAug 19, 2012 - 8:55 p.m.
CVE-2012-4358
2012-08-1920:55:01
CWE-20
mitre
web.nvd.nist.gov
32
cve-2012-4358
sielco sistemi
winlog pro
winlog lite
scada
denial of service
remote attack
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
High
EPSS
0.009
Percentile
83.3%
Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode.
Affected configurations
Node
sielcosistemiwinlog_proRange≤2.07.16
ORsielcosistemiwinlog_proMatch2.06.00
ORsielcosistemiwinlog_proMatch2.06.03
ORsielcosistemiwinlog_proMatch2.06.04
ORsielcosistemiwinlog_proMatch2.06.06
ORsielcosistemiwinlog_proMatch2.06.09
ORsielcosistemiwinlog_proMatch2.06.10
ORsielcosistemiwinlog_proMatch2.06.12
ORsielcosistemiwinlog_proMatch2.06.13
ORsielcosistemiwinlog_proMatch2.06.14
ORsielcosistemiwinlog_proMatch2.06.18
ORsielcosistemiwinlog_proMatch2.06.21
ORsielcosistemiwinlog_proMatch2.06.24
ORsielcosistemiwinlog_proMatch2.06.25
ORsielcosistemiwinlog_proMatch2.06.28
ORsielcosistemiwinlog_proMatch2.06.40
ORsielcosistemiwinlog_proMatch2.06.46
ORsielcosistemiwinlog_proMatch2.06.50
ORsielcosistemiwinlog_proMatch2.06.60
ORsielcosistemiwinlog_proMatch2.06.73
ORsielcosistemiwinlog_proMatch2.06.86
ORsielcosistemiwinlog_proMatch2.07.00
ORsielcosistemiwinlog_proMatch2.07.01
ORsielcosistemiwinlog_proMatch2.07.08
ORsielcosistemiwinlog_proMatch2.07.09
ORsielcosistemiwinlog_proMatch2.07.11
ORsielcosistemiwinlog_proMatch2.07.14
Node
sielcosistemiwinlog_liteRange≤2.07.16
ORsielcosistemiwinlog_liteMatch2.06.00
ORsielcosistemiwinlog_liteMatch2.06.03
ORsielcosistemiwinlog_liteMatch2.06.04
ORsielcosistemiwinlog_liteMatch2.06.06
ORsielcosistemiwinlog_liteMatch2.06.09
ORsielcosistemiwinlog_liteMatch2.06.10
ORsielcosistemiwinlog_liteMatch2.06.12
ORsielcosistemiwinlog_liteMatch2.06.13
ORsielcosistemiwinlog_liteMatch2.06.14
ORsielcosistemiwinlog_liteMatch2.06.18
ORsielcosistemiwinlog_liteMatch2.06.21
ORsielcosistemiwinlog_liteMatch2.06.24
ORsielcosistemiwinlog_liteMatch2.06.25
ORsielcosistemiwinlog_liteMatch2.06.28
ORsielcosistemiwinlog_liteMatch2.06.40
ORsielcosistemiwinlog_liteMatch2.06.46
ORsielcosistemiwinlog_liteMatch2.06.50
ORsielcosistemiwinlog_liteMatch2.06.60
ORsielcosistemiwinlog_liteMatch2.06.73
ORsielcosistemiwinlog_liteMatch2.06.86
ORsielcosistemiwinlog_liteMatch2.07.00
ORsielcosistemiwinlog_liteMatch2.07.01
ORsielcosistemiwinlog_liteMatch2.07.08
ORsielcosistemiwinlog_liteMatch2.07.09
ORsielcosistemiwinlog_liteMatch2.07.11
ORsielcosistemiwinlog_liteMatch2.07.14
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sielcosistemi | winlog_pro | * | cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.00 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.03 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.04 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.06 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.09 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.10 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.12 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.13 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.14 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2012-4358
2012-08-19 20:00:00
CVE-2012-4359
2012-08-19 20:00:00
prion
prion
Integer overflow
2012-08-19 20:55:00
Integer overflow
2012-08-19 20:55:00
nvd
nvd
CVE-2012-4358
2012-08-19 20:55:01
CVE-2012-4359
2012-08-19 20:55:02
cve
cve
CVE-2012-4359
2012-08-19 20:55:02
nessus
nessus
Sielco Sistemi Winlog < 2.07.18 Multiple Vulnerabilities
2012-08-10 00:00:00
Sielco Sistemi Winlog < 2.07.17 Multiple Vulnerabilities
2012-09-10 00:00:00
ics
ics
Sielco Sistemi Winlog Multiple Vulnerabilities (Update A)
2018-09-06 12:00:00
openvas
openvas
Sielco Sistemi Winlog Multiple Vulnerabilities
2012-06-28 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
High
EPSS
0.009
Percentile
83.3%
Related for CVE-2012-4358