Published: 19/08/2012 Updated: 20/08/2012

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA prior to 2.07.17 and Winlog Lite SCADA prior to 2.07.17 allow remote malicious users to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sielcosistemi winlog pro 2.07.11
sielcosistemi winlog pro 2.07.08
sielcosistemi winlog pro 2.06.21
sielcosistemi winlog pro 2.06.24
sielcosistemi winlog pro 2.06.14
sielcosistemi winlog pro 2.06.18
sielcosistemi winlog pro 2.07.09
sielcosistemi winlog pro 2.06.60
sielcosistemi winlog pro 2.06.40
sielcosistemi winlog pro 2.07.14
sielcosistemi winlog pro 2.06.13
sielcosistemi winlog pro 2.06.10
sielcosistemi winlog pro 2.06.06
sielcosistemi winlog pro 2.06.73
sielcosistemi winlog pro 2.07.01
sielcosistemi winlog pro 2.06.28
sielcosistemi winlog pro 2.06.25
sielcosistemi winlog pro 2.06.12
sielcosistemi winlog pro 2.06.09
sielcosistemi winlog pro 2.06.86
sielcosistemi winlog pro 2.07.00
sielcosistemi winlog pro 2.06.46
sielcosistemi winlog pro 2.06.50
sielcosistemi winlog pro 2.06.04
sielcosistemi winlog pro 2.06.03
sielcosistemi winlog pro 2.06.00
sielcosistemi winlog pro
sielcosistemi winlog lite 2.07.00
sielcosistemi winlog lite 2.06.60
sielcosistemi winlog lite 2.06.50
sielcosistemi winlog lite 2.06.86
sielcosistemi winlog lite 2.06.12
sielcosistemi winlog lite 2.06.09
sielcosistemi winlog lite 2.06.06
sielcosistemi winlog lite 2.06.04
sielcosistemi winlog lite 2.07.09
sielcosistemi winlog lite 2.07.01
sielcosistemi winlog lite 2.06.25
sielcosistemi winlog lite 2.06.18
sielcosistemi winlog lite 2.06.13
sielcosistemi winlog lite 2.06.10
sielcosistemi winlog lite 2.06.03
sielcosistemi winlog lite
sielcosistemi winlog lite 2.07.11
sielcosistemi winlog lite 2.07.08
sielcosistemi winlog lite 2.06.73
sielcosistemi winlog lite 2.06.28
sielcosistemi winlog lite 2.06.21
sielcosistemi winlog lite 2.06.14
sielcosistemi winlog lite 2.06.00
sielcosistemi winlog lite 2.06.46
sielcosistemi winlog lite 2.06.40
sielcosistemi winlog lite 2.07.14
sielcosistemi winlog lite 2.06.24

####################################################################### Luigi Auriemma Application: Sielco Sistemi Winlog wwwsielcosistemicom/en/products/winlog_scada_hmi/ Versions: <= 20716 Platforms: Windows Bugs: A] DbiGetRecordCount code execution B] @Db@TD ...

CWE-22 http://www.sielcosistemi.com/en/news/index.html?id=69 http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf http://secunia.com/advisories/49395 http://aluigi.org/adv/winlog_2-adv.txt https://nvd.nist.gov https://www.exploit-db.com/exploits/19409/

CVE-2012-4356

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect