Sielco Sistemi Winlog < 2.07.17 Multiple Vulnerabilities

high Nessus Plugin ID 62032

Synopsis

A SCADA application on the remote host is affected by multiple vulnerabilities.

Description

The remote host has a version of Sielco Sistemi Winlog prior to 2.07.17. As such, it is affected by the following vulnerabilities:

- There is a stack-based buffer overflow that can be triggered by sending a specially crafted TCP packet to port 46824 that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function. (CVE-2012-4353)

- TCPIPS_Story.dll allows remote attackers to execute arbitrary code by sending a specially crafted packet to port 46824 containing a positive integer after the opcode, triggering incorrect function-pointer processing. (CVE-2012-4354)

- There are directory traversal vulnerabilities that can be triggered by sending a specially crafted TCP packet specifying a file-open operation, followed by a packet with a file read operation to port 46824. CVE-2012-4356)

- By sending a specially crafted packet to port 46824 containing an invalid file-pointer index, it might be possible to execute arbitrary code. (CVE-2012-4357)

- Sending a specially crafted packet to port 46824 with opcode 0x00, followed by a positive integer will cause a denial of service condition. (CVE-2012-4358)

Solution

Upgrade to WinLog 2.07.17 or later.

See Also

http://www.sielcosistemi.com/en/news/index.html?id=69

http://aluigi.altervista.org/adv/winlog_2-adv.txt

Plugin Details

Severity: High

ID: 62032

File Name: scada_winlog_2_07_17.nbin

Version: 1.67

Type: local

Family: SCADA

Published: 9/10/2012

Updated: 5/20/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.5

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-4358

Vulnerability Information

CPE: cpe:/a:sielcosistemi:winlog_lite

Required KB Items: SCADA/Apps/Sielco_Sistemi/Winlog/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/17/2012

Vulnerability Publication Date: 6/26/2012

Exploitable With

CANVAS (White_Phosphorus)

Metasploit (Sielco Sistemi Winlog Remote File Access)

Reference Information

CVE: CVE-2012-4353, CVE-2012-4354, CVE-2012-4356, CVE-2012-4357, CVE-2012-4358

BID: 54212

ICS-ALERT: 12-179-01

ICSA: 12-213-01