Sielco Sistemi Winlog < 2.07.17 Multiple Vulnerabilities

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

A SCADA application on the remote host is affected by multiple
vulnerabilities.

Description :

The remote host has a version of Sielco Sistemi Winlog prior to
2.07.17. As such, it is affected by the following vulnerabilities:

- There is a stack-based buffer overflow that can be
triggered by sending a specially crafted TCP packet to
port 46824 that triggers an incorrect file-open attempt
by the _TCPIPS_BinOpenFileFP function. (CVE-2012-4353)

- TCPIPS_Story.dll allows remote attackers to execute
arbitrary code by sending a specially crafted packet to
port 46824 containing a positive integer after the
opcode, triggering incorrect function-pointer
processing. (CVE-2012-4354)

- There are directory traversal vulnerabilities that can
be triggered by sending a specially crafted TCP packet
specifying a file-open operation, followed by a packet
with a file-read operation, to port 46824. (CVE-2012-4356)

- By sending a specially crafted packet to port 46824
containing an invalid file-pointer index, it might be
possible to execute arbitrary code. (CVE-2012-4357)

- Sending a specially crafted packet to port 46824 with
opcode 0x00, followed by a positive integer, causes a
denial of service condition. (CVE-2012-4358)

See also :

http://www.sielcosistemi.com/en/news/index.html?id=69
http://aluigi.altervista.org/adv/winlog_2-adv.txt

Solution :

Upgrade to Winlog 2.07.17 or later.
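The plugin's decision reduces to "is the installed version older than 2.07.17". The block below is an added example, not the plugin's own code, of a component-wise comparison that gets this right; it also shows the lexicographic comparison to avoid, under which "2.07.9" sorts after "2.07.17" and would be reported as fixed. How the installed version string is read from the host is outside the example, and the sample version strings are constructed.

```python
import re

# Version the vendor advisory and this plugin treat as the fix.
FIXED_VERSION = "2.07.17"


def parse_version(text):
    """Turn '2.07.16' into (2, 7, 16).

    Components are compared as integers, so zero padding ('2.07' vs '2.7')
    does not matter. Trailing non-numeric text after the digits is ignored.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(installed, fixed=FIXED_VERSION):
    """True if installed is strictly older than fixed.

    Shorter tuples are padded with zeros so that '2.07' < '2.07.17' and
    '2.07.17.1' is not older than '2.07.17'.
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def naive_string_check(installed, fixed=FIXED_VERSION):
    """The comparison to avoid: plain string ordering is lexicographic."""
    return installed < fixed


if __name__ == "__main__":
    for v in ("2.07.16", "2.7.16", "2.07.9", "2.07", "2.07.17", "2.07.17.1", "2.10.0"):
        print(f"{v:>10}  affected={is_affected(v)!s:5}  naive={naive_string_check(v)}")
```

The "2.07.9" row is the one to look at: the numeric comparison flags it as affected, the string comparison does not.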

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 62032

Bugtraq ID: 54212

CVE ID: CVE-2012-4353
CVE-2012-4354
CVE-2012-4356
CVE-2012-4357
CVE-2012-4358