Sielco Sistemi Winlog Pro < 2.07.01 TCP/IP Server Runtime.exe Packet Handling Remote Overflow
Severity: High
Nessus Plugin ID: 55631
Synopsis: The remote Windows host contains a SCADA application that is affected by a buffer overflow vulnerability.
Description: The installed version of Winlog Lite or Winlog Pro from Sielco Sistemi is earlier than 2.07.01 and thus reportedly has a buffer overflow in its 'Runtime.exe' component that listens on TCP port 46823 if the 'Run TCP/IP server' option is enabled for a project.
Using a specially crafted packet with opcode 0x02, an unauthenticated remote attacker can leverage this issue to overflow a temporary stack buffer of about 60 bytes and possibly execute arbitrary code.
Solution: Upgrade to Winlog version 2.07.01 or later.