CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile: 94.0%
The remote host has a version of Sielco Sistemi Winlog prior to 2.07.17. As such, it is affected by the following vulnerabilities:
There is a stack-based buffer overflow that can be triggered by sending a specially crafted TCP packet to port 46824 that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function. (CVE-2012-4353)
TCPIPS_Story.dll allows remote attackers to execute arbitrary code by sending a specially crafted packet to port 46824 containing a positive integer after the opcode, triggering incorrect function-pointer processing. (CVE-2012-4354)
There are directory traversal vulnerabilities that can be triggered by sending a specially crafted TCP packet specifying a file-open operation, followed by a packet with a file-read operation, to port 46824. (CVE-2012-4356)
By sending a specially crafted packet to port 46824 containing an invalid file-pointer index, it might be possible to execute arbitrary code. (CVE-2012-4357)
Sending a specially crafted packet to port 46824 with opcode 0x00 followed by a positive integer will cause a denial of service condition. (CVE-2012-4358)
Binary data scada_winlog_2_07_17.nbin
aluigi.altervista.org/adv/winlog_2-adv.txt
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4357
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4358
www.sielcosistemi.com/en/news/index.html?id=69