Sielco Sistemi Winlog Pro < 2.07.01 TCP/IP Server Runtime.exe Packet Handling Remote Overflow

Severity: High. Nessus Plugin ID 55631

Synopsis

The remote Windows host contains a SCADA application that is affected by a buffer overflow vulnerability.

Description

The installed version of Winlog Lite or Winlog Pro from Sielco Sistemi is earlier than 2.07.01 and is therefore reportedly affected by a buffer overflow in its 'Runtime.exe' component, which listens on TCP port 46823 when the 'Run TCP/IP server' option is enabled for a project.

Using a specially crafted packet with opcode 0x02, an unauthenticated remote attacker can leverage this issue to overflow a temporary stack buffer of about 60 bytes and possibly execute arbitrary code.
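The decision this plugin makes, as an added example (not Tenable's plugin code): an installed Winlog version string is compared numerically against the fixed release 2.07.01, and the finding distinguishes a vulnerable build whose TCP/IP server is disabled from one exposing Runtime.exe on TCP port 46823. The inventory entries at the bottom are constructed.

```python
"""Version gate for the Winlog check described above (added example)."""
import re

FIXED_VERSION = "2.07.01"   # first fixed release, from the advisory
RUNTIME_TCP_PORT = 46823    # port Runtime.exe listens on when the option is enabled


def parse_version(text: str) -> tuple:
    """Turn a dotted version string such as '2.07.01' into a tuple of ints.

    Numeric comparison treats '2.7.1' and '2.07.01' as the same release and
    avoids the string-compare mistake where '2.10.00' sorts below '2.07.01'.
    """
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable_version(installed: str) -> bool:
    """True when the installed build is older than 2.07.01."""
    inst = parse_version(installed)
    fixed = parse_version(FIXED_VERSION)
    # pad the shorter tuple with zeros so '2.7' compares as 2.7.0
    width = max(len(inst), len(fixed))
    inst += (0,) * (width - len(inst))
    fixed += (0,) * (width - len(fixed))
    return inst < fixed


def assess(installed: str, tcp_server_enabled: bool) -> str:
    """Finding text for one host; exposure depends on the project option."""
    if not is_vulnerable_version(installed):
        return f"Winlog {installed}: not affected by CVE-2011-0517"
    if not tcp_server_enabled:
        return (f"Winlog {installed}: vulnerable build, but Runtime.exe is not "
                f"listening (TCP/IP server disabled); upgrade to {FIXED_VERSION}")
    return (f"Winlog {installed}: vulnerable and exposed on TCP port "
            f"{RUNTIME_TCP_PORT}; upgrade to {FIXED_VERSION} or later")


if __name__ == "__main__":
    # constructed sample inventory (version, 'Run TCP/IP server' enabled)
    for ver, enabled in [("2.06.00", True), ("2.06.00", False),
                         ("2.07.01", True), ("2.10.00", True)]:
        print(assess(ver, enabled))
```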

Solution

Upgrade to Winlog version 2.07.01 or later.

See Also

http://aluigi.altervista.org/adv/winlog_1-adv.txt

http://www.winlog.it/forum/viewtopic.php?f=22&t=136

Plugin Details

Severity: High

ID: 55631

File Name: scada_winlog_2_07_01.nbin

Version: 1.67

Type: local

Family: SCADA

Published: 7/19/2011

Updated: 5/20/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SCADA/Apps/Sielco_Sistemi/Winlog/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/14/2011

Vulnerability Publication Date: 1/13/2011

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (Sielco Sistemi Winlog Buffer Overflow)

Reference Information

CVE: CVE-2011-0517

BID: 45813

CERT: 496040

ICS-ALERT: 11-017-02