CVE-2012-4356

high

Description

Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98.

References

http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf

http://www.sielcosistemi.com/en/news/index.html?id=69

http://secunia.com/advisories/49395

Details

Source: Mitre, NVD

Published: 2012-08-19

Updated: 2012-08-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High