Sielco Sistemi Winlog Arbitrary File Disclosure

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

A SCADA application on the remote host has an arbitrary file
disclosure vulnerability.

Description :

The remote host is running Sielco Sistemi Winlog. A WinLog project on
the remote host is running a TCP server. By connecting to this TCP
server and utilizing opcode 0x78 to open a file, and opcode
0x96, 0x97 or 0x98 to read a file, a remote attacker can access the
contents of any file on the remote host.

Note that this install is likely affected by several other issues,
although this plugin has not checked for them.

See also :

http://aluigi.altervista.org/adv/winlog_2-adv.txt

Solution :

Upgrade to WinLog 2.07.17 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.9
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 61493 ()

Bugtraq ID: 54212

CVE ID: CVE-2012-4356