CVE-2012-4357
Description
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Sielco Sistemi Winlog 2.07.16 - Multiple Vulnerabilities
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| sielcosistemi | winlog_pro | {"endIncluding":"2.07.16"} | |
| sielcosistemi | winlog_pro | 2.06.00 | |
| sielcosistemi | winlog_pro | 2.06.03 | |
| sielcosistemi | winlog_pro | 2.06.04 | |
| sielcosistemi | winlog_pro | 2.06.06 | |
| sielcosistemi | winlog_pro | 2.06.09 | |
| sielcosistemi | winlog_pro | 2.06.10 | |
| sielcosistemi | winlog_pro | 2.06.12 | |
| sielcosistemi | winlog_pro | 2.06.13 | |
| sielcosistemi | winlog_pro | 2.06.14 | |
| sielcosistemi | winlog_pro | 2.06.18 | |
| sielcosistemi | winlog_pro | 2.06.21 | |
| sielcosistemi | winlog_pro | 2.06.24 | |
| sielcosistemi | winlog_pro | 2.06.25 | |
| sielcosistemi | winlog_pro | 2.06.28 | |
| sielcosistemi | winlog_pro | 2.06.40 | |
| sielcosistemi | winlog_pro | 2.06.46 | |
| sielcosistemi | winlog_pro | 2.06.50 | |
| sielcosistemi | winlog_pro | 2.06.60 | |
| sielcosistemi | winlog_pro | 2.06.73 | |
| sielcosistemi | winlog_pro | 2.06.86 | |
| sielcosistemi | winlog_pro | 2.07.00 | |
| sielcosistemi | winlog_pro | 2.07.01 | |
| sielcosistemi | winlog_pro | 2.07.08 | |
| sielcosistemi | winlog_pro | 2.07.09 | |
| sielcosistemi | winlog_pro | 2.07.11 | |
| sielcosistemi | winlog_pro | 2.07.14 | |
| sielcosistemi | winlog_lite | {"endIncluding":"2.07.16"} | |
| sielcosistemi | winlog_lite | 2.06.00 | |
| sielcosistemi | winlog_lite | 2.06.03 | |
| sielcosistemi | winlog_lite | 2.06.04 | |
| sielcosistemi | winlog_lite | 2.06.06 | |
| sielcosistemi | winlog_lite | 2.06.09 | |
| sielcosistemi | winlog_lite | 2.06.10 | |
| sielcosistemi | winlog_lite | 2.06.12 | |
| sielcosistemi | winlog_lite | 2.06.13 | |
| sielcosistemi | winlog_lite | 2.06.14 | |
| sielcosistemi | winlog_lite | 2.06.18 | |
| sielcosistemi | winlog_lite | 2.06.21 | |
| sielcosistemi | winlog_lite | 2.06.24 | |
| sielcosistemi | winlog_lite | 2.06.25 | |
| sielcosistemi | winlog_lite | 2.06.28 | |
| sielcosistemi | winlog_lite | 2.06.40 | |
| sielcosistemi | winlog_lite | 2.06.46 | |
| sielcosistemi | winlog_lite | 2.06.50 | |
| sielcosistemi | winlog_lite | 2.06.60 | |
| sielcosistemi | winlog_lite | 2.06.73 | |
| sielcosistemi | winlog_lite | 2.06.86 | |
| sielcosistemi | winlog_lite | 2.07.00 | |
| sielcosistemi | winlog_lite | 2.07.01 | |
| sielcosistemi | winlog_lite | 2.07.08 | |
| sielcosistemi | winlog_lite | 2.07.09 | |
| sielcosistemi | winlog_lite | 2.07.11 | |
| sielcosistemi | winlog_lite | 2.07.14 | |
References
- http://aluigi.org/adv/winlog_2-adv.txt
- http://secunia.com/advisories/49395
- http://www.sielcosistemi.com/en/news/index.html?id=69
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf
- http://aluigi.org/adv/winlog_2-adv.txt
- http://secunia.com/advisories/49395
- http://www.sielcosistemi.com/en/news/index.html?id=69
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf
CWEs
CWE-20
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.