Sielco Sistemi Winlog Pro < 2.07.01 TCP/IP Server Runtime.exe Packet Handling Remote Overflow

High Nessus Plugin ID 55631


The remote Windows host contains a SCADA application that is affected by a buffer overflow vulnerability.


The installed version of Winlog Lite or Winlog Pro from Sielco Sistemi is earlier than 2.07.01. Such versions reportedly contain a buffer overflow in the 'Runtime.exe' component, which listens on TCP port 46823 when the 'Run TCP/IP server' option is enabled for a project.

Using a specially crafted packet with opcode 0x02, an unauthenticated remote attacker can leverage this issue to overflow a temporary stack buffer of about 60 bytes and possibly execute arbitrary code.


Upgrade to Winlog version 2.07.01 or later.

Plugin Details

Severity: High

ID: 55631

File Name: scada_winlog_2_07_01.nbin

Version: $Revision: 1.21 $

Type: local

Family: SCADA

Published: 2011/07/19

Modified: 2018/01/29

Dependencies: 55630

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

Required KB Items: SCADA/Apps/Sielco_Sistemi/Winlog/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/01/14

Vulnerability Publication Date: 2011/01/13

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (Sielco Sistemi Winlog Buffer Overflow)

Reference Information

CVE: CVE-2011-0517

BID: 45813

OSVDB: 70418

CERT: 496040

EDB-ID: 15992

ICS-ALERT: 11-017-02