Sielco Sistemi Winlog < 2.07.17 Multiple Vulnerabilities
Critical Nessus Plugin ID 62032
Synopsis
A SCADA application on the remote host is affected by multiple vulnerabilities.
Description
The remote host has a version of Sielco Sistemi Winlog prior to 2.07.17. As such, it is affected by the following vulnerabilities:
- There is a stack-based buffer overflow that can be triggered by sending a specially crafted TCP packet to port 46824 that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function. (CVE-2012-4353)
- TCPIPS_Story.dll allows remote attackers to execute arbitrary code by sending a specially crafted packet to port 46824 containing a positive integer after the opcode, triggering incorrect function-pointer processing. (CVE-2012-4354)
- There are directory traversal vulnerabilities that can be triggered by sending a specially crafted TCP packet specifying a file-open operation, followed by a packet with a file-read operation, to port 46824. (CVE-2012-4356)
- By sending a specially crafted packet to port 46824 containing an invalid file-pointer index, it might be possible to execute arbitrary code. (CVE-2012-4357)
- Sending a specially crafted packet to port 46824 with opcode 0x00, followed by a positive integer, will cause a denial of service condition. (CVE-2012-4358)
Solution
Upgrade to Winlog 2.07.17 or later.