Sielco Sistemi Winlog Arbitrary File Disclosure

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.

Synopsis :

A SCADA application on the remote host has an arbitrary file
disclosure vulnerability.

Description :

The remote host is running Sielco Sistemi Winlog. A WinLog project on
the remote host is running a TCP server. By connecting to this TCP
server and utilizing opcode 0x78 to open a file, and opcode
0x96, 0x97 or 0x98 to read a file, a remote attacker can access the
contents of any file on the remote host.

Note that this install is likely affected by several other issues,
although this plugin has not checked for them.

See also :

Solution :

Upgrade to WinLog 2.07.17 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.9
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 61493 ()

Bugtraq ID: 54212

CVE ID: CVE-2012-4356

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now