Lucene search
HistoryAug 19, 2012 - 8:55 p.m.
CVE-2012-4356
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.9
Confidence
Low
EPSS
0.036
Percentile
91.8%
Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a … (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98.
Affected configurations
Node
sielcosistemiwinlog_proRange≤2.07.16
ORsielcosistemiwinlog_proMatch2.06.00
ORsielcosistemiwinlog_proMatch2.06.03
ORsielcosistemiwinlog_proMatch2.06.04
ORsielcosistemiwinlog_proMatch2.06.06
ORsielcosistemiwinlog_proMatch2.06.09
ORsielcosistemiwinlog_proMatch2.06.10
ORsielcosistemiwinlog_proMatch2.06.12
ORsielcosistemiwinlog_proMatch2.06.13
ORsielcosistemiwinlog_proMatch2.06.14
ORsielcosistemiwinlog_proMatch2.06.18
ORsielcosistemiwinlog_proMatch2.06.21
ORsielcosistemiwinlog_proMatch2.06.24
ORsielcosistemiwinlog_proMatch2.06.25
ORsielcosistemiwinlog_proMatch2.06.28
ORsielcosistemiwinlog_proMatch2.06.40
ORsielcosistemiwinlog_proMatch2.06.46
ORsielcosistemiwinlog_proMatch2.06.50
ORsielcosistemiwinlog_proMatch2.06.60
ORsielcosistemiwinlog_proMatch2.06.73
ORsielcosistemiwinlog_proMatch2.06.86
ORsielcosistemiwinlog_proMatch2.07.00
ORsielcosistemiwinlog_proMatch2.07.01
ORsielcosistemiwinlog_proMatch2.07.08
ORsielcosistemiwinlog_proMatch2.07.09
ORsielcosistemiwinlog_proMatch2.07.11
ORsielcosistemiwinlog_proMatch2.07.14
Node
sielcosistemiwinlog_liteRange≤2.07.16
ORsielcosistemiwinlog_liteMatch2.06.00
ORsielcosistemiwinlog_liteMatch2.06.03
ORsielcosistemiwinlog_liteMatch2.06.04
ORsielcosistemiwinlog_liteMatch2.06.06
ORsielcosistemiwinlog_liteMatch2.06.09
ORsielcosistemiwinlog_liteMatch2.06.10
ORsielcosistemiwinlog_liteMatch2.06.12
ORsielcosistemiwinlog_liteMatch2.06.13
ORsielcosistemiwinlog_liteMatch2.06.14
ORsielcosistemiwinlog_liteMatch2.06.18
ORsielcosistemiwinlog_liteMatch2.06.21
ORsielcosistemiwinlog_liteMatch2.06.24
ORsielcosistemiwinlog_liteMatch2.06.25
ORsielcosistemiwinlog_liteMatch2.06.28
ORsielcosistemiwinlog_liteMatch2.06.40
ORsielcosistemiwinlog_liteMatch2.06.46
ORsielcosistemiwinlog_liteMatch2.06.50
ORsielcosistemiwinlog_liteMatch2.06.60
ORsielcosistemiwinlog_liteMatch2.06.73
ORsielcosistemiwinlog_liteMatch2.06.86
ORsielcosistemiwinlog_liteMatch2.07.00
ORsielcosistemiwinlog_liteMatch2.07.01
ORsielcosistemiwinlog_liteMatch2.07.08
ORsielcosistemiwinlog_liteMatch2.07.09
ORsielcosistemiwinlog_liteMatch2.07.11
ORsielcosistemiwinlog_liteMatch2.07.14
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sielcosistemi | winlog_pro | * | cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.00 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.03 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.04 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.06 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.09 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.10 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.12 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.13 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:*:*:*:*:*:*:* |
| sielcosistemi | winlog_pro | 2.06.14 | cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:*:*:*:*:*:*:* |
Related
packetstorm
packetstorm
Sielco Sistemi Winlog Remote File Access
2024-08-31 00:00:00
metasploit
metasploit
Sielco Sistemi Winlog Remote File Access
2012-07-12 11:12:31
cvelist
cvelist
CVE-2012-4356
2012-08-19 20:00:00
prion
prion
Directory traversal
2012-08-19 20:55:00
cve
cve
CVE-2012-4356
2012-08-19 20:55:01
nessus
nessus
Sielco Sistemi Winlog < 2.07.17 Multiple Vulnerabilities
2012-09-10 00:00:00
exploitdb
exploitdb
Sielco Sistemi Winlog 2.07.16 - Multiple Vulnerabilities
2012-06-27 00:00:00
openvas
openvas
Sielco Sistemi Winlog Multiple Vulnerabilities
2012-06-28 00:00:00
ics
ics
Sielco Sistemi Winlog Multiple Vulnerabilities (Update A)
2018-09-06 12:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.9
Confidence
Low
EPSS
0.036
Percentile
91.8%
Related for NVD:CVE-2012-4356