Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
33 vulnerabilities by sielco
VAR-201112-0160
Vulnerability from variot - Updated: 2023-12-18 13:25Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a project file. SIELCO SISTEMI Winlog Pro is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog Pro does not properly filter the input in the project file. Some of the illegal information in the field can overwrite the memory location, causing the application to crash or to execute arbitrary code. Winlog Pro and Winlog Lite are prone to a remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: Winlog Pro Project File Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA47078
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47078/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47078
RELEASE DATE: 2011-12-07
DISCUSS ADVISORY: http://secunia.com/advisories/47078/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47078/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47078
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Winlog Pro, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error when processing certain values in project files and can be exploited to cause a buffer overflow by tricking a user into loading a malicious project file.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions prior to 2.07.09.
SOLUTION: Update to version 2.07.09.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Paul Davis
ORIGINAL ADVISORY: http://www.us-cert.gov/control_systems/pdf/ICSA-11-298-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0160",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog lite",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog pro",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7.1"
},
{
"model": "winlog lite",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "2.07.09"
},
{
"model": "winlog pro",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "2.07.09"
},
{
"model": "sistemi winlog pro",
"scope": "ne",
"trust": 0.3,
"vendor": "sielco",
"version": "2.7.9"
},
{
"model": "sistemi winlog lite",
"scope": "ne",
"trust": 0.3,
"vendor": "sielco",
"version": "2.7.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "4aaf9778-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5192"
},
{
"db": "BID",
"id": "50932"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003508"
},
{
"db": "NVD",
"id": "CVE-2011-4037"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-055"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.08",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.08",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4037"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Paul Davis",
"sources": [
{
"db": "BID",
"id": "50932"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-055"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4037",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-4037",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "4aaf9778-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4037",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-055",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "4aaf9778-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4aaf9778-2354-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003508"
},
{
"db": "NVD",
"id": "CVE-2011-4037"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-055"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a project file. SIELCO SISTEMI Winlog Pro is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog Pro does not properly filter the input in the project file. Some of the illegal information in the field can overwrite the memory location, causing the application to crash or to execute arbitrary code. Winlog Pro and Winlog Lite are prone to a remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nWinlog Pro Project File Processing Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA47078\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47078/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47078\n\nRELEASE DATE:\n2011-12-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47078/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47078/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47078\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Winlog Pro, which can be\nexploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an unspecified error when\nprocessing certain values in project files and can be exploited to\ncause a buffer overflow by tricking a user into loading a malicious\nproject file. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in versions prior to 2.07.09. \n\nSOLUTION:\nUpdate to version 2.07.09. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Paul Davis\n\nORIGINAL ADVISORY:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-298-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4037"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003508"
},
{
"db": "CNVD",
"id": "CNVD-2011-5192"
},
{
"db": "BID",
"id": "50932"
},
{
"db": "IVD",
"id": "4aaf9778-2354-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "107612"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4037",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-11-298-01",
"trust": 3.4
},
{
"db": "SECUNIA",
"id": "47078",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1026388",
"trust": 1.6
},
{
"db": "BID",
"id": "50932",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2011-5192",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201112-055",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003508",
"trust": 0.8
},
{
"db": "IVD",
"id": "4AAF9778-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "107612",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "4aaf9778-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5192"
},
{
"db": "BID",
"id": "50932"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003508"
},
{
"db": "PACKETSTORM",
"id": "107612"
},
{
"db": "NVD",
"id": "CVE-2011-4037"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-055"
}
]
},
"id": "VAR-201112-0160",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4aaf9778-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5192"
}
],
"trust": 1.5875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4aaf9778-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5192"
}
]
},
"last_update_date": "2023-12-18T13:25:12.033000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sielcosistemi.com/"
},
{
"title": "Patch for multiple product buffer overflow vulnerabilities in Sielco Sistemi",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/6156"
},
{
"title": "Winlog_Setup_SF",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42194"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5192"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003508"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-055"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003508"
},
{
"db": "NVD",
"id": "CVE-2011-4037"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-298-01.pdf"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/47078"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1026388"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4037"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4037"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50932"
},
{
"trust": 0.3,
"url": "http://www.sielcosistemi.com/en/products/winlog_scada_hmi/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47078/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47078"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47078/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5192"
},
{
"db": "BID",
"id": "50932"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003508"
},
{
"db": "PACKETSTORM",
"id": "107612"
},
{
"db": "NVD",
"id": "CVE-2011-4037"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-055"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4aaf9778-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5192"
},
{
"db": "BID",
"id": "50932"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003508"
},
{
"db": "PACKETSTORM",
"id": "107612"
},
{
"db": "NVD",
"id": "CVE-2011-4037"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-055"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-08T00:00:00",
"db": "IVD",
"id": "4aaf9778-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5192"
},
{
"date": "2011-12-06T00:00:00",
"db": "BID",
"id": "50932"
},
{
"date": "2011-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003508"
},
{
"date": "2011-12-07T07:51:36",
"db": "PACKETSTORM",
"id": "107612"
},
{
"date": "2011-12-22T15:29:19.890000",
"db": "NVD",
"id": "CVE-2011-4037"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-055"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5192"
},
{
"date": "2011-12-06T00:00:00",
"db": "BID",
"id": "50932"
},
{
"date": "2011-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003508"
},
{
"date": "2012-01-12T05:00:00",
"db": "NVD",
"id": "CVE-2011-4037"
},
{
"date": "2011-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-055"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-055"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sielco Sistemi Multiple Product Buffer Overflow Vulnerabilities",
"sources": [
{
"db": "IVD",
"id": "4aaf9778-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5192"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "4aaf9778-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-055"
}
],
"trust": 0.8
}
}
VAR-201101-0361
Vulnerability from variot - Updated: 2023-12-18 13:20Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823. Sielco Sistemi Winlog of TCP/IP The server contains a buffer overflow vulnerability. Sielco Sistemi Winlog In “Run TCP/IP server” There is a function of 46823/tcp using. A stack buffer overflow vulnerability exists in processing crafted packets. Attack code using this vulnerability has been released.Service disruption by a remote third party (DoS) An attacker may be able to attack or execute arbitrary code. Winlog Pro is an application for data acquisition and remote control of SCADA HMI monitoring software. The SCADA software can be run as a TCP/IP server by listening to the TCP 46823 port by enabling the \"Run TCP/IP server\" option in the project section \"Configuration->Options->TCP/IP\". The 0x02 opcode of the protocol is used to process some strings received by the client, and a function such as _TCPIP_WriteNumValueFP, _TCPIP_WriteDigValueFP or _TCPIP_WriteStrValueFP is called according to the data type. They parse the data using the same function at offset 00446795, and there is a stack overflow when copying the input data to the temporary buffer: 00446795 /$ 55 PUSH EBP 00446796 |. 8BEC MOV EBP, ESP 00446798 |. 83C4 C0 ADD ESP, -40 0044679B |. 53 PUSH EBX 0044679C |. 56 PUSH ESI 0044679D |. 57 PUSH EDI 0044679E |. 8B45 0C MOV EAX, DWORD PTR SS:[EBP+C] 004467A1 |. 8B5D 08 MOV EBX,DWORD PTR SS:[ EBP+8] 004467A4 |. 8BF8 MOV EDI,EAX 004467A6 |. 33C0 XOR EAX,EAX 004467A8 |. 56 PUSH ESI 004467A9 |. 83C9 FF OR ECX,FFFFFFFF 004467AC |. F2:AE REPNE SCAS BYTE PTR ES:[EDI] ; stren 004467AE |. F7D1 NOT ECX 004467B0 |. 2BF9 SUB EDI,ECX 004467B2 |. 8D75 C0 LEA ESI,DWORD PTR SS:[EBP-40] 004467B5 |. 87F7 XCHG EDI,ESI 004467B7 |. 8BD1 MOV EDX,ECX 004467B9 |. 8BC7 MOV EAX, EDI 00446 7BB |. C1E9 02 SHR ECX,2 004467BE |. F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; memcpy. Winlog Pro is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input. Failed attacks will cause denial-of-service conditions. Winlog Pro 2.07.00 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial: http://secunia.com/products/corporate/vim/
TITLE: Winlog Pro TCP/IP Server Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA42894
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42894/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42894
RELEASE DATE: 2011-01-15
DISCUSS ADVISORY: http://secunia.com/advisories/42894/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/42894/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42894
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Luigi Auriemma has reported a vulnerability in Winlog Pro, which can be exploited by malicious people to compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code, but requires the "Run TCP/IP Server" option to be enabled (disabled by default).
SOLUTION: Update to version 2.07.01.
PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma
ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/winlog_1-adv.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201101-0361",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winlog pro",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sielco",
"version": null
},
{
"model": "winlog lite",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "2.07.01 earlier"
},
{
"model": "winlog pro",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "2.07.01 earlier"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 0.6,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "*"
},
{
"model": "sistemi winlog pro",
"scope": "ne",
"trust": 0.3,
"vendor": "sielco",
"version": "2.7.1"
}
],
"sources": [
{
"db": "IVD",
"id": "7d7e8b81-463f-11e9-9a21-000c29342cb1"
},
{
"db": "IVD",
"id": "1836b484-1fa3-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#496040"
},
{
"db": "CNVD",
"id": "CNVD-2011-0194"
},
{
"db": "BID",
"id": "45813"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001154"
},
{
"db": "NVD",
"id": "CVE-2011-0517"
},
{
"db": "CNNVD",
"id": "CNNVD-201101-322"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0517"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "45813"
},
{
"db": "CNNVD",
"id": "CNNVD-201101-322"
}
],
"trust": 0.9
},
"cve": "CVE-2011-0517",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-0517",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "7d7e8b81-463f-11e9-9a21-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "1836b484-1fa3-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-0517",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#496040",
"trust": 0.8,
"value": "1.10"
},
{
"author": "CNNVD",
"id": "CNNVD-201101-322",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d7e8b81-463f-11e9-9a21-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "1836b484-1fa3-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7e8b81-463f-11e9-9a21-000c29342cb1"
},
{
"db": "IVD",
"id": "1836b484-1fa3-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#496040"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001154"
},
{
"db": "NVD",
"id": "CVE-2011-0517"
},
{
"db": "CNNVD",
"id": "CNNVD-201101-322"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823. Sielco Sistemi Winlog of TCP/IP The server contains a buffer overflow vulnerability. Sielco Sistemi Winlog In \u201cRun TCP/IP server\u201d There is a function of 46823/tcp using. A stack buffer overflow vulnerability exists in processing crafted packets. Attack code using this vulnerability has been released.Service disruption by a remote third party (DoS) An attacker may be able to attack or execute arbitrary code. Winlog Pro is an application for data acquisition and remote control of SCADA HMI monitoring software. The SCADA software can be run as a TCP/IP server by listening to the TCP 46823 port by enabling the \\\"Run TCP/IP server\\\" option in the project section \\\"Configuration-\u003eOptions-\u003eTCP/IP\\\". The 0x02 opcode of the protocol is used to process some strings received by the client, and a function such as _TCPIP_WriteNumValueFP, _TCPIP_WriteDigValueFP or _TCPIP_WriteStrValueFP is called according to the data type. They parse the data using the same function at offset 00446795, and there is a stack overflow when copying the input data to the temporary buffer: 00446795 /$ 55 PUSH EBP 00446796 |. 8BEC MOV EBP, ESP 00446798 |. 83C4 C0 ADD ESP, -40 0044679B |. 53 PUSH EBX 0044679C |. 56 PUSH ESI 0044679D |. 57 PUSH EDI 0044679E |. 8B45 0C MOV EAX, DWORD PTR SS:[EBP+C] 004467A1 |. 8B5D 08 MOV EBX,DWORD PTR SS:[ EBP+8] 004467A4 |. 8BF8 MOV EDI,EAX 004467A6 |. 33C0 XOR EAX,EAX 004467A8 |. 56 PUSH ESI 004467A9 |. 83C9 FF OR ECX,FFFFFFFF 004467AC |. F2:AE REPNE SCAS BYTE PTR ES:[EDI] ; stren 004467AE |. F7D1 NOT ECX 004467B0 |. 2BF9 SUB EDI,ECX 004467B2 |. 8D75 C0 LEA ESI,DWORD PTR SS:[EBP-40] 004467B5 |. 87F7 XCHG EDI,ESI 004467B7 |. 8BD1 MOV EDX,ECX 004467B9 |. 8BC7 MOV EAX, EDI 00446 7BB |. C1E9 02 SHR ECX,2 004467BE |. F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; memcpy. Winlog Pro is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input. Failed attacks will cause denial-of-service conditions. \nWinlog Pro 2.07.00 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nWinlog Pro TCP/IP Server Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA42894\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42894/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42894\n\nRELEASE DATE:\n2011-01-15\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42894/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42894/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42894\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nLuigi Auriemma has reported a vulnerability in Winlog Pro, which can\nbe exploited by malicious people to compromise a vulnerable system. \n\nSuccessful exploitation may allow execution of arbitrary code, but\nrequires the \"Run TCP/IP Server\" option to be enabled (disabled by\ndefault). \n\nSOLUTION:\nUpdate to version 2.07.01. \n\nPROVIDED AND/OR DISCOVERED BY:\nLuigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://aluigi.altervista.org/adv/winlog_1-adv.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0517"
},
{
"db": "CERT/CC",
"id": "VU#496040"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001154"
},
{
"db": "CNVD",
"id": "CNVD-2011-0194"
},
{
"db": "BID",
"id": "45813"
},
{
"db": "IVD",
"id": "7d7e8b81-463f-11e9-9a21-000c29342cb1"
},
{
"db": "IVD",
"id": "1836b484-1fa3-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "97557"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "45813",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2011-0517",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-11-017-02",
"trust": 2.6
},
{
"db": "CERT/CC",
"id": "VU#496040",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "42894",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "15992",
"trust": 2.4
},
{
"db": "VUPEN",
"id": "ADV-2011-0126",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "70418",
"trust": 2.4
},
{
"db": "XF",
"id": "64716",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2011-0194",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201101-322",
"trust": 1.0
},
{
"db": "SREASON",
"id": "8280",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001154",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "17104",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D7E8B81-463F-11E9-9A21-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "1836B484-1FA3-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "97557",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d7e8b81-463f-11e9-9a21-000c29342cb1"
},
{
"db": "IVD",
"id": "1836b484-1fa3-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#496040"
},
{
"db": "CNVD",
"id": "CNVD-2011-0194"
},
{
"db": "BID",
"id": "45813"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001154"
},
{
"db": "PACKETSTORM",
"id": "97557"
},
{
"db": "NVD",
"id": "CVE-2011-0517"
},
{
"db": "CNNVD",
"id": "CNNVD-201101-322"
}
]
},
"id": "VAR-201101-0361",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7e8b81-463f-11e9-9a21-000c29342cb1"
},
{
"db": "IVD",
"id": "1836b484-1fa3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-0194"
}
],
"trust": 1.875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d7e8b81-463f-11e9-9a21-000c29342cb1"
},
{
"db": "IVD",
"id": "1836b484-1fa3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-0194"
}
]
},
"last_update_date": "2023-12-18T13:20:18.358000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sielcosistemi.com/en/products/winlog_scada_hmi/index.html"
},
{
"title": "Winlog Pro malformed message stack buffer overflow vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/2609"
},
{
"title": "WinlogLite_Setup",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=37217"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-0194"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001154"
},
{
"db": "CNNVD",
"id": "CNNVD-201101-322"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001154"
},
{
"db": "NVD",
"id": "CVE-2011-0517"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-017-02.pdf"
},
{
"trust": 2.4,
"url": "http://osvdb.org/70418"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/42894"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/45813"
},
{
"trust": 2.4,
"url": "http://www.vupen.com/english/advisories/2011/0126"
},
{
"trust": 1.8,
"url": "http://www.kb.cert.org/vuls/id/496040"
},
{
"trust": 1.6,
"url": "http://aluigi.org/adv/winlog_1-adv.txt"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/15992"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/64716"
},
{
"trust": 1.0,
"url": "http://aluigi.altervista.org/adv/winlog_1-adv.txt"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8280"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64716"
},
{
"trust": 0.8,
"url": "http://www.exploit-db.com/exploits/15992/"
},
{
"trust": 0.8,
"url": "http://www.sielcosistemi.com/download/winloglite_setup.exe"
},
{
"trust": 0.8,
"url": "http://www.sielcosistemi.com/download/winlog_setup_sf.exe"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0517"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu496040"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0517"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/17104"
},
{
"trust": 0.3,
"url": "http://www.sielcosistemi.com/en/products/winlog_scada_hmi/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42894/"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42894/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42894"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#496040"
},
{
"db": "CNVD",
"id": "CNVD-2011-0194"
},
{
"db": "BID",
"id": "45813"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001154"
},
{
"db": "PACKETSTORM",
"id": "97557"
},
{
"db": "NVD",
"id": "CVE-2011-0517"
},
{
"db": "CNNVD",
"id": "CNNVD-201101-322"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7e8b81-463f-11e9-9a21-000c29342cb1"
},
{
"db": "IVD",
"id": "1836b484-1fa3-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#496040"
},
{
"db": "CNVD",
"id": "CNVD-2011-0194"
},
{
"db": "BID",
"id": "45813"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001154"
},
{
"db": "PACKETSTORM",
"id": "97557"
},
{
"db": "NVD",
"id": "CVE-2011-0517"
},
{
"db": "CNNVD",
"id": "CNNVD-201101-322"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-01-17T00:00:00",
"db": "IVD",
"id": "7d7e8b81-463f-11e9-9a21-000c29342cb1"
},
{
"date": "2011-01-17T00:00:00",
"db": "IVD",
"id": "1836b484-1fa3-11e6-abef-000c29c66e3d"
},
{
"date": "2011-02-03T00:00:00",
"db": "CERT/CC",
"id": "VU#496040"
},
{
"date": "2011-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-0194"
},
{
"date": "2011-01-14T00:00:00",
"db": "BID",
"id": "45813"
},
{
"date": "2011-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001154"
},
{
"date": "2011-01-14T03:38:37",
"db": "PACKETSTORM",
"id": "97557"
},
{
"date": "2011-01-20T19:00:12.287000",
"db": "NVD",
"id": "CVE-2011-0517"
},
{
"date": "2011-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201101-322"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-02-03T00:00:00",
"db": "CERT/CC",
"id": "VU#496040"
},
{
"date": "2011-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-0194"
},
{
"date": "2015-03-19T09:45:00",
"db": "BID",
"id": "45813"
},
{
"date": "2011-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001154"
},
{
"date": "2017-08-17T01:33:35.853000",
"db": "NVD",
"id": "CVE-2011-0517"
},
{
"date": "2011-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201101-322"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201101-322"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Winlog Pro Malformed message stack buffer overflow vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d7e8b81-463f-11e9-9a21-000c29342cb1"
},
{
"db": "IVD",
"id": "1836b484-1fa3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-0194"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7d7e8b81-463f-11e9-9a21-000c29342cb1"
},
{
"db": "IVD",
"id": "1836b484-1fa3-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201101-322"
}
],
"trust": 1.0
}
}
VAR-201702-0679
Vulnerability from variot - Updated: 2023-12-18 12:37An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. A native code execution vulnerability exists in Sielco Sistemi Winlog Pro and Winlog Lite. An attacker exploited the vulnerability to execute arbitrary code or crash an application in an affected application, causing a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0679",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winlog pro",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "3.01.10"
},
{
"model": "winlog lite",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "3.01.10"
},
{
"model": "winlog lite",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "3.02.01"
},
{
"model": "winlog pro",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "3.02.01"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.6,
"vendor": "sielco",
"version": "2.7.9"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.6,
"vendor": "sielco",
"version": "2.7"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.6,
"vendor": "sielco",
"version": "2.7.1"
},
{
"model": "sistemi winlog lite",
"scope": "eq",
"trust": 0.6,
"vendor": "sielco",
"version": "2.07.14"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.6,
"vendor": "sielco",
"version": "2.7.18"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.6,
"vendor": "sielco",
"version": "2.7.16"
},
{
"model": "sistemi winlog lite",
"scope": "eq",
"trust": 0.6,
"vendor": "sielco",
"version": "2.7.9"
},
{
"model": "sistemi winlog lite",
"scope": "eq",
"trust": 0.6,
"vendor": "sielco",
"version": "2.07.16"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 0.6,
"vendor": "sielcosistemi",
"version": "3.01.10"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 0.6,
"vendor": "sielcosistemi",
"version": "3.01.10"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 0.3,
"vendor": "sielcosistemi",
"version": "2.7.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 0.3,
"vendor": "sielcosistemi",
"version": "2.7.16"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 0.3,
"vendor": "sielcosistemi",
"version": "2.7.9"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 0.3,
"vendor": "sielcosistemi",
"version": "2.7.1"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 0.3,
"vendor": "sielcosistemi",
"version": "2.7"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 0.3,
"vendor": "sielcosistemi",
"version": "2.7.9"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 0.3,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 0.3,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog pro",
"scope": "ne",
"trust": 0.3,
"vendor": "sielcosistemi",
"version": "3.2.1"
},
{
"model": "winlog lite",
"scope": "ne",
"trust": 0.3,
"vendor": "sielcosistemi",
"version": "3.2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "2ecb868a-3b72-437c-a2e8-7597db52bf61"
},
{
"db": "CNVD",
"id": "CNVD-2017-01561"
},
{
"db": "BID",
"id": "96119"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002236"
},
{
"db": "NVD",
"id": "CVE-2017-5161"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-383"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.01.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.01.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5161"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "96119"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-383"
}
],
"trust": 0.9
},
"cve": "CVE-2017-5161",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-5161",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2017-01561",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "2ecb868a-3b72-437c-a2e8-7597db52bf61",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.6,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5161",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5161",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-01561",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-383",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "2ecb868a-3b72-437c-a2e8-7597db52bf61",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2ecb868a-3b72-437c-a2e8-7597db52bf61"
},
{
"db": "CNVD",
"id": "CNVD-2017-01561"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002236"
},
{
"db": "NVD",
"id": "CVE-2017-5161"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-383"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. A native code execution vulnerability exists in Sielco Sistemi Winlog Pro and Winlog Lite. An attacker exploited the vulnerability to execute arbitrary code or crash an application in an affected application, causing a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5161"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002236"
},
{
"db": "CNVD",
"id": "CNVD-2017-01561"
},
{
"db": "BID",
"id": "96119"
},
{
"db": "IVD",
"id": "2ecb868a-3b72-437c-a2e8-7597db52bf61"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5161",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-038-01",
"trust": 2.7
},
{
"db": "BID",
"id": "96119",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-01561",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-383",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002236",
"trust": 0.8
},
{
"db": "IVD",
"id": "2ECB868A-3B72-437C-A2E8-7597DB52BF61",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "2ecb868a-3b72-437c-a2e8-7597db52bf61"
},
{
"db": "CNVD",
"id": "CNVD-2017-01561"
},
{
"db": "BID",
"id": "96119"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002236"
},
{
"db": "NVD",
"id": "CVE-2017-5161"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-383"
}
]
},
"id": "VAR-201702-0679",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2ecb868a-3b72-437c-a2e8-7597db52bf61"
},
{
"db": "CNVD",
"id": "CNVD-2017-01561"
}
],
"trust": 1.5875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "2ecb868a-3b72-437c-a2e8-7597db52bf61"
},
{
"db": "CNVD",
"id": "CNVD-2017-01561"
}
]
},
"last_update_date": "2023-12-18T12:37:36.552000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WinLog Pro",
"trust": 0.8,
"url": "https://www.sielcosistemi.com/en/download/public/download.html"
},
{
"title": "Sielco Sistemi Winlog Pro/ Winlog Lite DLL loads patches for native code execution vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/89505"
},
{
"title": "Sielco Sistemi Winlog Pro/ Winlog Lite Fixes for code injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67685"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01561"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002236"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-383"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002236"
},
{
"db": "NVD",
"id": "CVE-2017-5161"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-038-01"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/96119"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5161"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5161"
},
{
"trust": 0.3,
"url": "http://blog.rapid7.com/?p=5325"
},
{
"trust": 0.3,
"url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
},
{
"trust": 0.3,
"url": "http://www.sielcosistemi.com/en/products/winlog_scada_hmi/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01561"
},
{
"db": "BID",
"id": "96119"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002236"
},
{
"db": "NVD",
"id": "CVE-2017-5161"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-383"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2ecb868a-3b72-437c-a2e8-7597db52bf61"
},
{
"db": "CNVD",
"id": "CNVD-2017-01561"
},
{
"db": "BID",
"id": "96119"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002236"
},
{
"db": "NVD",
"id": "CVE-2017-5161"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-383"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-18T00:00:00",
"db": "IVD",
"id": "2ecb868a-3b72-437c-a2e8-7597db52bf61"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01561"
},
{
"date": "2017-02-07T00:00:00",
"db": "BID",
"id": "96119"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002236"
},
{
"date": "2017-02-13T21:59:02.830000",
"db": "NVD",
"id": "CVE-2017-5161"
},
{
"date": "2017-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-383"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01561"
},
{
"date": "2017-03-07T05:02:00",
"db": "BID",
"id": "96119"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002236"
},
{
"date": "2017-03-15T17:44:08.717000",
"db": "NVD",
"id": "CVE-2017-5161"
},
{
"date": "2017-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-383"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-383"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sielco Sistemi Winlog Pro/ Winlog Lite DLL Load Local Code Execution Vulnerability",
"sources": [
{
"db": "IVD",
"id": "2ecb868a-3b72-437c-a2e8-7597db52bf61"
},
{
"db": "CNVD",
"id": "CNVD-2017-01561"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "2ecb868a-3b72-437c-a2e8-7597db52bf61"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-383"
}
],
"trust": 0.8
}
}
VAR-201206-0183
Vulnerability from variot - Updated: 2023-12-18 12:09Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained from third party information. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. There is a security hole in Winlog Pro/lite. Winlog Pro/lite has an input validation error. Unauthorized users can send special requests to the TCP 46824 port to access the read system files. Winlog Lite is prone to a remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA49395
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49395/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE: 2012-06-06
DISCUSS ADVISORY: http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: m1k3 has discovered a vulnerability in Winlog, which can be exploited by malicious people to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code, but requires a project to be configured for TCP server mode (not by default).
The vulnerability is confirmed in version 2.07.14. Other versions may also be affected.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: m1k3
ORIGINAL ADVISORY: http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0183",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sistemi winlog pro scada",
"scope": "lt",
"trust": 2.4,
"vendor": "sielco",
"version": "2.07.1"
},
{
"model": "sistemi winlog lite scada",
"scope": "lt",
"trust": 2.4,
"vendor": "sielco",
"version": "2.07.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog lite",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "winlog pro",
"version": "*"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog lite",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog pro",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "sistemi winlog lite",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.07.14"
},
{
"model": "winlog lite",
"scope": "lte",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "2.07.14"
},
{
"model": "winlog pro",
"scope": "lte",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "2.07.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 0.6,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 0.6,
"vendor": "sielcosistemi",
"version": "2.07.14"
}
],
"sources": [
{
"db": "IVD",
"id": "b3d76da8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "52a26e38-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ccb7b82-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2e18ef1a-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "287fd96c-1f65-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4102"
},
{
"db": "CNVD",
"id": "CNVD-2012-3047"
},
{
"db": "CNVD",
"id": "CNVD-2012-4099"
},
{
"db": "CNVD",
"id": "CNVD-2012-4101"
},
{
"db": "CNVD",
"id": "CNVD-2012-4100"
},
{
"db": "BID",
"id": "53811"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002929"
},
{
"db": "NVD",
"id": "CVE-2012-3815"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-070"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.14",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.14",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3815"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "m1k3",
"sources": [
{
"db": "BID",
"id": "53811"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-070"
}
],
"trust": 0.9
},
"cve": "CVE-2012-3815",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-3815",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "b3d76da8-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "52a26e38-1f5d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "2ccb7b82-1f5d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "2e18ef1a-1f5d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "287fd96c-1f65-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-3815",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-070",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "b3d76da8-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "52a26e38-1f5d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "2ccb7b82-1f5d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "2e18ef1a-1f5d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "287fd96c-1f65-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b3d76da8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "52a26e38-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ccb7b82-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2e18ef1a-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "287fd96c-1f65-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002929"
},
{
"db": "NVD",
"id": "CVE-2012-3815"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-070"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained from third party information. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. There is a security hole in Winlog Pro/lite. Winlog Pro/lite has an input validation error. Unauthorized users can send special requests to the TCP 46824 port to access the read system files. Winlog Lite is prone to a remote buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nWinlog Packet Processing Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA49395\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49395/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nRELEASE DATE:\n2012-06-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49395/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49395/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nm1k3 has discovered a vulnerability in Winlog, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nSuccessful exploitation allows execution of arbitrary code, but\nrequires a project to be configured for TCP server mode (not by\ndefault). \n\nThe vulnerability is confirmed in version 2.07.14. Other versions may\nalso be affected. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nm1k3\n\nORIGINAL ADVISORY:\nhttp://www.s3cur1ty.de/m1adv2012-001\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3815"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002929"
},
{
"db": "CNVD",
"id": "CNVD-2012-4102"
},
{
"db": "CNVD",
"id": "CNVD-2012-3047"
},
{
"db": "CNVD",
"id": "CNVD-2012-4099"
},
{
"db": "CNVD",
"id": "CNVD-2012-4101"
},
{
"db": "CNVD",
"id": "CNVD-2012-4100"
},
{
"db": "BID",
"id": "53811"
},
{
"db": "IVD",
"id": "b3d76da8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "52a26e38-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ccb7b82-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2e18ef1a-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "287fd96c-1f65-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "113312"
}
],
"trust": 5.58
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3815",
"trust": 6.1
},
{
"db": "ICS CERT",
"id": "ICSA-12-213-01",
"trust": 4.5
},
{
"db": "BID",
"id": "53811",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "49395",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201206-070",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1027128",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "82654",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2012-4101",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-4102",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-4100",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-4099",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-3047",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002929",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20120605 SIELCO SISTEMI WINLOG BUFFER OVERFLOW \u003c= V2.07.14",
"trust": 0.6
},
{
"db": "XF",
"id": "76060",
"trust": 0.6
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-12-166-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "B3D76DA8-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "52A26E38-1F5D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "2CCB7B82-1F5D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "2E18EF1A-1F5D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "287FD96C-1F65-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "113312",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b3d76da8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "52a26e38-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ccb7b82-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2e18ef1a-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "287fd96c-1f65-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4102"
},
{
"db": "CNVD",
"id": "CNVD-2012-3047"
},
{
"db": "CNVD",
"id": "CNVD-2012-4099"
},
{
"db": "CNVD",
"id": "CNVD-2012-4101"
},
{
"db": "CNVD",
"id": "CNVD-2012-4100"
},
{
"db": "BID",
"id": "53811"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002929"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-3815"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-070"
}
]
},
"id": "VAR-201206-0183",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b3d76da8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "52a26e38-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ccb7b82-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2e18ef1a-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "287fd96c-1f65-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4102"
},
{
"db": "CNVD",
"id": "CNVD-2012-3047"
},
{
"db": "CNVD",
"id": "CNVD-2012-4099"
},
{
"db": "CNVD",
"id": "CNVD-2012-4101"
},
{
"db": "CNVD",
"id": "CNVD-2012-4100"
}
],
"trust": 4.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 4.0
}
],
"sources": [
{
"db": "IVD",
"id": "b3d76da8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "52a26e38-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ccb7b82-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2e18ef1a-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "287fd96c-1f65-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4102"
},
{
"db": "CNVD",
"id": "CNVD-2012-3047"
},
{
"db": "CNVD",
"id": "CNVD-2012-4099"
},
{
"db": "CNVD",
"id": "CNVD-2012-4101"
},
{
"db": "CNVD",
"id": "CNVD-2012-4100"
}
]
},
"last_update_date": "2023-12-18T12:09:49.014000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Winlog Pro SCADA and Winlog Lite SCADA 2.07.17",
"trust": 0.8,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=69"
},
{
"title": "Winlog Pro SCADA and Winlog Lite SCADA 2.07.18",
"trust": 0.8,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=70"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sielcosistemi.com/en/products/winlog_scada_hmi/index.html"
},
{
"title": "Sielco Sistemi Winlog Application Vulnerability (CNVD-2012-4102) patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/19521"
},
{
"title": "Patch for Sielco Sistemi Winlog Application Vulnerability (CNVD-2012-4099)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/19518"
},
{
"title": "Patch for Sielco Sistemi Winlog Application Vulnerability (CNVD-2012-4101)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/19520"
},
{
"title": "Patch for Sielco Sistemi Winlog Application Vulnerability (CNVD-2012-4100)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/19519"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4102"
},
{
"db": "CNVD",
"id": "CNVD-2012-4099"
},
{
"db": "CNVD",
"id": "CNVD-2012-4101"
},
{
"db": "CNVD",
"id": "CNVD-2012-4100"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002929"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002929"
},
{
"db": "NVD",
"id": "CVE-2012-3815"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-213-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.s3cur1ty.de/m1adv2012-001"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0009.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/49395"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1027128"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/82654"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/53811"
},
{
"trust": 1.0,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=69"
},
{
"trust": 1.0,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=70"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76060"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3815"
},
{
"trust": 0.8,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-12-213-01"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3815"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/522974"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/76060"
},
{
"trust": 0.3,
"url": "http://www.sielcosistemi.com/en/download/public/winlog_lite.html"
},
{
"trust": 0.3,
"url": "/archive/1/522974"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-12-166-01.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4102"
},
{
"db": "CNVD",
"id": "CNVD-2012-3047"
},
{
"db": "CNVD",
"id": "CNVD-2012-4099"
},
{
"db": "CNVD",
"id": "CNVD-2012-4101"
},
{
"db": "CNVD",
"id": "CNVD-2012-4100"
},
{
"db": "BID",
"id": "53811"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002929"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-3815"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-070"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b3d76da8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "52a26e38-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ccb7b82-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2e18ef1a-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "287fd96c-1f65-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4102"
},
{
"db": "CNVD",
"id": "CNVD-2012-3047"
},
{
"db": "CNVD",
"id": "CNVD-2012-4099"
},
{
"db": "CNVD",
"id": "CNVD-2012-4101"
},
{
"db": "CNVD",
"id": "CNVD-2012-4100"
},
{
"db": "BID",
"id": "53811"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002929"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-3815"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-070"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-07T00:00:00",
"db": "IVD",
"id": "b3d76da8-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-07T00:00:00",
"db": "IVD",
"id": "52a26e38-1f5d-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-07T00:00:00",
"db": "IVD",
"id": "2ccb7b82-1f5d-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-07T00:00:00",
"db": "IVD",
"id": "2e18ef1a-1f5d-11e6-abef-000c29c66e3d"
},
{
"date": "2012-06-08T00:00:00",
"db": "IVD",
"id": "287fd96c-1f65-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4102"
},
{
"date": "2012-06-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3047"
},
{
"date": "2012-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4099"
},
{
"date": "2012-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4101"
},
{
"date": "2012-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4100"
},
{
"date": "2012-06-05T00:00:00",
"db": "BID",
"id": "53811"
},
{
"date": "2012-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002929"
},
{
"date": "2012-06-06T03:39:38",
"db": "PACKETSTORM",
"id": "113312"
},
{
"date": "2012-06-27T21:55:05.957000",
"db": "NVD",
"id": "CVE-2012-3815"
},
{
"date": "2012-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-070"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4102"
},
{
"date": "2012-06-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3047"
},
{
"date": "2012-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4099"
},
{
"date": "2012-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4101"
},
{
"date": "2012-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4100"
},
{
"date": "2015-03-19T08:45:00",
"db": "BID",
"id": "53811"
},
{
"date": "2013-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002929"
},
{
"date": "2017-08-29T01:32:05.697000",
"db": "NVD",
"id": "CVE-2012-3815"
},
{
"date": "2012-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-070"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-070"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sielco Sistemi Winlog Lite Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "287fd96c-1f65-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3047"
},
{
"db": "BID",
"id": "53811"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "b3d76da8-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "52a26e38-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ccb7b82-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2e18ef1a-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "287fd96c-1f65-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-070"
}
],
"trust": 1.6
}
}
VAR-201208-0286
Vulnerability from variot - Updated: 2023-12-18 12:09Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Vulnerabilities in array indexes in Sielco Sistemi Winlog Pro versions prior to SCADA 2.07.17 and versions prior to Winlog Lite SCADA 2.07.17. Winlog Pro is prone to the following security vulnerabilities: 1. Multiple code-execution vulnerabilities. 2. A stack-based buffer-overflow vulnerability. 3. A directory-traversal vulnerability. Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. Winlog Pro 2.07.16 and prior are vulnerable. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA49395
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49395/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE: 2012-06-06
DISCUSS ADVISORY: http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: m1k3 has discovered a vulnerability in Winlog, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in RunTime.exe when processing packets and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 46824.
Successful exploitation allows execution of arbitrary code, but requires a project to be configured for TCP server mode (not by default).
The vulnerability is confirmed in version 2.07.14. Other versions may also be affected.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: m1k3
ORIGINAL ADVISORY: http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0286",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 1.5,
"vendor": "sielco",
"version": "2.7"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog lite",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "winlog pro",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7.9"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7.1"
},
{
"model": "winlog lite",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "scada 2.07.17"
},
{
"model": "winlog pro",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "scada 2.07.17"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 0.6,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "2.07.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog pro",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "2.07.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "winlog lite",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7ef61120-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8315"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003749"
},
{
"db": "NVD",
"id": "CVE-2012-4357"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-326"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4357"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "54212"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4357",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-4357",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-8315",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7ef61120-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4357",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2012-8315",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-326",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7ef61120-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7ef61120-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8315"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003749"
},
{
"db": "NVD",
"id": "CVE-2012-4357"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-326"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Vulnerabilities in array indexes in Sielco Sistemi Winlog Pro versions prior to SCADA 2.07.17 and versions prior to Winlog Lite SCADA 2.07.17. Winlog Pro is prone to the following security vulnerabilities:\n1. Multiple code-execution vulnerabilities. \n2. A stack-based buffer-overflow vulnerability. \n3. A directory-traversal vulnerability. \nAttackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. \nWinlog Pro 2.07.16 and prior are vulnerable. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nWinlog Packet Processing Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA49395\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49395/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nRELEASE DATE:\n2012-06-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49395/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49395/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nm1k3 has discovered a vulnerability in Winlog, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to an error in RunTime.exe when\nprocessing packets and can be exploited to cause a stack-based buffer\noverflow via a specially crafted packet sent to TCP port 46824. \n\nSuccessful exploitation allows execution of arbitrary code, but\nrequires a project to be configured for TCP server mode (not by\ndefault). \n\nThe vulnerability is confirmed in version 2.07.14. Other versions may\nalso be affected. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nm1k3\n\nORIGINAL ADVISORY:\nhttp://www.s3cur1ty.de/m1adv2012-001\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4357"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003749"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8315"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "IVD",
"id": "7ef61120-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "113312"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4357",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-213-01",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "49395",
"trust": 1.7
},
{
"db": "BID",
"id": "54212",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-8315",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201208-326",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003749",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "19409",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2012-3401",
"trust": 0.6
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-12-179-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "7EF61120-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "113312",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7ef61120-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8315"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003749"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4357"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-326"
}
]
},
"id": "VAR-201208-0286",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7ef61120-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8315"
}
],
"trust": 2.275
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.4
}
],
"sources": [
{
"db": "IVD",
"id": "7ef61120-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8315"
}
]
},
"last_update_date": "2023-12-18T12:09:48.967000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Winlog Pro SCADA and Winlog Lite SCADA 2.07.17",
"trust": 0.8,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=69"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003749"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003749"
},
{
"db": "NVD",
"id": "CVE-2012-4357"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-213-01.pdf"
},
{
"trust": 1.6,
"url": "http://aluigi.org/adv/winlog_2-adv.txt"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/49395"
},
{
"trust": 1.6,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=69"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4357"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4357"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/19409/"
},
{
"trust": 0.3,
"url": "http://aluigi.altervista.org/adv/winlog_2-adv.txt"
},
{
"trust": 0.3,
"url": "http://www.sielcosistemi.com/en/products/winlog_scada_hmi/"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-12-179-01.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.s3cur1ty.de/m1adv2012-001"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8315"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003749"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4357"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-326"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7ef61120-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8315"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003749"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4357"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-326"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-20T00:00:00",
"db": "IVD",
"id": "7ef61120-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8315"
},
{
"date": "2012-06-26T00:00:00",
"db": "BID",
"id": "54212"
},
{
"date": "2012-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003749"
},
{
"date": "2012-06-06T03:39:38",
"db": "PACKETSTORM",
"id": "113312"
},
{
"date": "2012-08-19T20:55:01.910000",
"db": "NVD",
"id": "CVE-2012-4357"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-326"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8315"
},
{
"date": "2015-03-19T08:22:00",
"db": "BID",
"id": "54212"
},
{
"date": "2012-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003749"
},
{
"date": "2012-08-20T04:00:00",
"db": "NVD",
"id": "CVE-2012-4357"
},
{
"date": "2012-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-326"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-326"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Arbitrary code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "7ef61120-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8315"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-326"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "7ef61120-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-326"
}
],
"trust": 0.8
}
}
VAR-201208-0288
Vulnerability from variot - Updated: 2023-12-18 12:09Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. A vulnerability exists in Sielco Sistemi Winlog Pro versions prior to SCADA 2.07.18 and versions prior to Winlog Lite SCADA 2.07.18. The vulnerability stems from the unverified ‘realloc’ function return value. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is prone to the following security vulnerabilities: 1. Multiple code-execution vulnerabilities. 2. A stack-based buffer-overflow vulnerability. 3. A directory-traversal vulnerability. Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA49395
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49395/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE: 2012-06-06
DISCUSS ADVISORY: http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: m1k3 has discovered a vulnerability in Winlog, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in RunTime.exe when processing packets and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 46824.
Successful exploitation allows execution of arbitrary code, but requires a project to be configured for TCP server mode (not by default).
The vulnerability is confirmed in version 2.07.14. Other versions may also be affected.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: m1k3
ORIGINAL ADVISORY: http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0288",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 1.5,
"vendor": "sielco",
"version": "2.7.9"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog lite",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.17"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog pro",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.17"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7.1"
},
{
"model": "winlog lite",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "scada 2.07.18"
},
{
"model": "winlog pro",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "scada 2.07.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.16"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.16"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7e945ba6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d76ea62-463f-11e9-a53b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8313"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003751"
},
{
"db": "NVD",
"id": "CVE-2012-4359"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-328"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.17",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.17",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4359"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "54212"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4359",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-4359",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-8313",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7e945ba6-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d76ea62-463f-11e9-a53b-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4359",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2012-8313",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-328",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7e945ba6-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d76ea62-463f-11e9-a53b-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7e945ba6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d76ea62-463f-11e9-a53b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8313"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003751"
},
{
"db": "NVD",
"id": "CVE-2012-4359"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-328"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. A vulnerability exists in Sielco Sistemi Winlog Pro versions prior to SCADA 2.07.18 and versions prior to Winlog Lite SCADA 2.07.18. The vulnerability stems from the unverified \u0026lsquo;realloc\u0026rsquo; function return value. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is prone to the following security vulnerabilities:\n1. Multiple code-execution vulnerabilities. \n2. A stack-based buffer-overflow vulnerability. \n3. A directory-traversal vulnerability. \nAttackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nWinlog Packet Processing Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA49395\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49395/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nRELEASE DATE:\n2012-06-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49395/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49395/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nm1k3 has discovered a vulnerability in Winlog, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to an error in RunTime.exe when\nprocessing packets and can be exploited to cause a stack-based buffer\noverflow via a specially crafted packet sent to TCP port 46824. \n\nSuccessful exploitation allows execution of arbitrary code, but\nrequires a project to be configured for TCP server mode (not by\ndefault). \n\nThe vulnerability is confirmed in version 2.07.14. Other versions may\nalso be affected. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nm1k3\n\nORIGINAL ADVISORY:\nhttp://www.s3cur1ty.de/m1adv2012-001\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4359"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003751"
},
{
"db": "CNVD",
"id": "CNVD-2012-8313"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "IVD",
"id": "7e945ba6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d76ea62-463f-11e9-a53b-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "113312"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4359",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-12-213-01",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "49395",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2012-8313",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201208-328",
"trust": 1.0
},
{
"db": "BID",
"id": "54212",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003751",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "19409",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2012-3401",
"trust": 0.6
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-12-179-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "7E945BA6-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D76EA62-463F-11E9-A53B-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "113312",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7e945ba6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d76ea62-463f-11e9-a53b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8313"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003751"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4359"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-328"
}
]
},
"id": "VAR-201208-0288",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7e945ba6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d76ea62-463f-11e9-a53b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8313"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
}
],
"trust": 2.475
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "7e945ba6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d76ea62-463f-11e9-a53b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8313"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
}
]
},
"last_update_date": "2023-12-18T12:09:48.920000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Winlog Pro SCADA and Winlog Lite SCADA 2.07.18",
"trust": 0.8,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=70"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003751"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003751"
},
{
"db": "NVD",
"id": "CVE-2012-4359"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-213-01.pdf"
},
{
"trust": 1.6,
"url": "http://aluigi.org/adv/winlog_2-adv.txt"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/49395"
},
{
"trust": 1.6,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=70"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4359"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4359"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/19409/"
},
{
"trust": 0.3,
"url": "http://aluigi.altervista.org/adv/winlog_2-adv.txt"
},
{
"trust": 0.3,
"url": "http://www.sielcosistemi.com/en/products/winlog_scada_hmi/"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-12-179-01.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.s3cur1ty.de/m1adv2012-001"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8313"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003751"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4359"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-328"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7e945ba6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d76ea62-463f-11e9-a53b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8313"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003751"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4359"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-328"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-20T00:00:00",
"db": "IVD",
"id": "7e945ba6-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-20T00:00:00",
"db": "IVD",
"id": "7d76ea62-463f-11e9-a53b-000c29342cb1"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8313"
},
{
"date": "2012-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"date": "2012-06-26T00:00:00",
"db": "BID",
"id": "54212"
},
{
"date": "2012-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003751"
},
{
"date": "2012-06-06T03:39:38",
"db": "PACKETSTORM",
"id": "113312"
},
{
"date": "2012-08-19T20:55:02.003000",
"db": "NVD",
"id": "CVE-2012-4359"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-328"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8313"
},
{
"date": "2012-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"date": "2015-03-19T08:22:00",
"db": "BID",
"id": "54212"
},
{
"date": "2012-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003751"
},
{
"date": "2012-08-20T04:00:00",
"db": "NVD",
"id": "CVE-2012-4359"
},
{
"date": "2012-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-328"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-328"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "7e945ba6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d76ea62-463f-11e9-a53b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8313"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-328"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "7e945ba6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d76ea62-463f-11e9-a53b-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-328"
}
],
"trust": 1.0
}
}
VAR-201208-0291
Vulnerability from variot - Updated: 2023-12-18 12:09TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354. Sielco Sistemi Winlog Pro SCADA and Winlog Lite SCADA of TCPIPS_Story.dll Contains a vulnerability that allows arbitrary code execution. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Winlog Pro is prone to the following security vulnerabilities: 1. Multiple code-execution vulnerabilities. 2. A stack-based buffer-overflow vulnerability. 3. A directory-traversal vulnerability. Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA49395
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49395/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE: 2012-06-06
DISCUSS ADVISORY: http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: m1k3 has discovered a vulnerability in Winlog, which can be exploited by malicious people to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code, but requires a project to be configured for TCP server mode (not by default).
The vulnerability is confirmed in version 2.07.14. Other versions may also be affected.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: m1k3
ORIGINAL ADVISORY: http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0291",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 1.5,
"vendor": "sielco",
"version": "2.7"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog lite",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.17"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog pro",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.17"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7.9"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7.1"
},
{
"model": "winlog lite",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "scada 2.07.18"
},
{
"model": "winlog pro",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "scada 2.07.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.16"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.16"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7f0fb99a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773880-463f-11e9-87d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8317"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003747"
},
{
"db": "NVD",
"id": "CVE-2012-4355"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-324"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.17",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.17",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4355"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "54212"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4355",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-4355",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2012-8317",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "7f0fb99a-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "7d773880-463f-11e9-87d3-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4355",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2012-8317",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-324",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7f0fb99a-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d773880-463f-11e9-87d3-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2012-4355",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7f0fb99a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773880-463f-11e9-87d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8317"
},
{
"db": "VULMON",
"id": "CVE-2012-4355"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003747"
},
{
"db": "NVD",
"id": "CVE-2012-4355"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-324"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354. Sielco Sistemi Winlog Pro SCADA and Winlog Lite SCADA of TCPIPS_Story.dll Contains a vulnerability that allows arbitrary code execution. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Winlog Pro is prone to the following security vulnerabilities:\n1. Multiple code-execution vulnerabilities. \n2. A stack-based buffer-overflow vulnerability. \n3. A directory-traversal vulnerability. \nAttackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nWinlog Packet Processing Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA49395\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49395/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nRELEASE DATE:\n2012-06-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49395/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49395/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nm1k3 has discovered a vulnerability in Winlog, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nSuccessful exploitation allows execution of arbitrary code, but\nrequires a project to be configured for TCP server mode (not by\ndefault). \n\nThe vulnerability is confirmed in version 2.07.14. Other versions may\nalso be affected. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nm1k3\n\nORIGINAL ADVISORY:\nhttp://www.s3cur1ty.de/m1adv2012-001\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4355"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003747"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8317"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "IVD",
"id": "7f0fb99a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773880-463f-11e9-87d3-000c29342cb1"
},
{
"db": "VULMON",
"id": "CVE-2012-4355"
},
{
"db": "PACKETSTORM",
"id": "113312"
}
],
"trust": 3.51
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=19409",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-4355"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4355",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-12-213-01",
"trust": 3.4
},
{
"db": "SECUNIA",
"id": "49395",
"trust": 1.8
},
{
"db": "CNVD",
"id": "CNVD-2012-8317",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201208-324",
"trust": 1.0
},
{
"db": "BID",
"id": "54212",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003747",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "19409",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-3401",
"trust": 0.6
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-12-179-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "7F0FB99A-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D773880-463F-11E9-87D3-000C29342CB1",
"trust": 0.2
},
{
"db": "ICS CERT",
"id": "ICSA-12-213-01A",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2012-4355",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113312",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7f0fb99a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773880-463f-11e9-87d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8317"
},
{
"db": "VULMON",
"id": "CVE-2012-4355"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003747"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4355"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-324"
}
]
},
"id": "VAR-201208-0291",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7f0fb99a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773880-463f-11e9-87d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8317"
}
],
"trust": 2.475
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "7f0fb99a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773880-463f-11e9-87d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8317"
}
]
},
"last_update_date": "2023-12-18T12:09:48.861000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Winlog Pro SCADA and Winlog Lite SCADA 2.07.18",
"trust": 0.8,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=70"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003747"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003747"
},
{
"db": "NVD",
"id": "CVE-2012-4355"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-213-01.pdf"
},
{
"trust": 1.7,
"url": "http://aluigi.org/adv/winlog_2-adv.txt"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/49395"
},
{
"trust": 1.7,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=70"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4355"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4355"
},
{
"trust": 0.7,
"url": "http://www.exploit-db.com/exploits/19409/"
},
{
"trust": 0.3,
"url": "http://aluigi.altervista.org/adv/winlog_2-adv.txt"
},
{
"trust": 0.3,
"url": "http://www.sielcosistemi.com/en/products/winlog_scada_hmi/"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-12-179-01.pdf"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/189.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-12-213-01a"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.s3cur1ty.de/m1adv2012-001"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8317"
},
{
"db": "VULMON",
"id": "CVE-2012-4355"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003747"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4355"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-324"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7f0fb99a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773880-463f-11e9-87d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8317"
},
{
"db": "VULMON",
"id": "CVE-2012-4355"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003747"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4355"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-324"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-20T00:00:00",
"db": "IVD",
"id": "7f0fb99a-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-20T00:00:00",
"db": "IVD",
"id": "7d773880-463f-11e9-87d3-000c29342cb1"
},
{
"date": "2012-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8317"
},
{
"date": "2012-08-19T00:00:00",
"db": "VULMON",
"id": "CVE-2012-4355"
},
{
"date": "2012-06-26T00:00:00",
"db": "BID",
"id": "54212"
},
{
"date": "2012-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003747"
},
{
"date": "2012-06-06T03:39:38",
"db": "PACKETSTORM",
"id": "113312"
},
{
"date": "2012-08-19T20:55:01.787000",
"db": "NVD",
"id": "CVE-2012-4355"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-324"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8317"
},
{
"date": "2012-08-20T00:00:00",
"db": "VULMON",
"id": "CVE-2012-4355"
},
{
"date": "2015-03-19T08:22:00",
"db": "BID",
"id": "54212"
},
{
"date": "2012-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003747"
},
{
"date": "2012-08-20T04:00:00",
"db": "NVD",
"id": "CVE-2012-4355"
},
{
"date": "2012-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-324"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-324"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7f0fb99a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773880-463f-11e9-87d3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8317"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-324"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-324"
}
],
"trust": 0.6
}
}
VAR-201208-0289
Vulnerability from variot - Updated: 2023-12-18 12:09Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function, a different vulnerability than CVE-2012-3815. NOTE: some of these details are obtained from third party information. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Winlog Pro is prone to the following security vulnerabilities: 1. Multiple code-execution vulnerabilities. 2. A stack-based buffer-overflow vulnerability. 3. A directory-traversal vulnerability. Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. Winlog Pro 2.07.16 and prior are vulnerable. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA49395
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49395/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE: 2012-06-06
DISCUSS ADVISORY: http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: m1k3 has discovered a vulnerability in Winlog, which can be exploited by malicious people to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code, but requires a project to be configured for TCP server mode (not by default).
The vulnerability is confirmed in version 2.07.14. Other versions may also be affected.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: m1k3
ORIGINAL ADVISORY: http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0289",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 1.5,
"vendor": "sielco",
"version": "2.7"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 1.1,
"vendor": "sielco",
"version": "2.7.1"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog lite",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "winlog pro",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7.9"
},
{
"model": "winlog lite",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "scada 2.07.17"
},
{
"model": "winlog pro",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "scada 2.07.17"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "*"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.2,
"vendor": "sielco",
"version": "2.7.9*"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.2,
"vendor": "sielco",
"version": "2.7*"
}
],
"sources": [
{
"db": "IVD",
"id": "7e8e718c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "91caf706-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d775f8f-463f-11e9-b72e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8319"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003745"
},
{
"db": "NVD",
"id": "CVE-2012-4353"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-322"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4353"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "54212"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4353",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-4353",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2012-8319",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "7e8e718c-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "91caf706-1f62-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "7d775f8f-463f-11e9-b72e-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4353",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2012-8319",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-322",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7e8e718c-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "91caf706-1f62-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d775f8f-463f-11e9-b72e-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7e8e718c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "91caf706-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d775f8f-463f-11e9-b72e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8319"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003745"
},
{
"db": "NVD",
"id": "CVE-2012-4353"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-322"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function, a different vulnerability than CVE-2012-3815. NOTE: some of these details are obtained from third party information. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Winlog Pro is prone to the following security vulnerabilities:\n1. Multiple code-execution vulnerabilities. \n2. A stack-based buffer-overflow vulnerability. \n3. A directory-traversal vulnerability. \nAttackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. \nWinlog Pro 2.07.16 and prior are vulnerable. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nWinlog Packet Processing Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA49395\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49395/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nRELEASE DATE:\n2012-06-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49395/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49395/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nm1k3 has discovered a vulnerability in Winlog, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nSuccessful exploitation allows execution of arbitrary code, but\nrequires a project to be configured for TCP server mode (not by\ndefault). \n\nThe vulnerability is confirmed in version 2.07.14. Other versions may\nalso be affected. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nm1k3\n\nORIGINAL ADVISORY:\nhttp://www.s3cur1ty.de/m1adv2012-001\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4353"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003745"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8319"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "IVD",
"id": "7e8e718c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "91caf706-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d775f8f-463f-11e9-b72e-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "113312"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4353",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-12-213-01",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "49395",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201208-322",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2012-8319",
"trust": 1.0
},
{
"db": "BID",
"id": "54212",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-3401",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003745",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "19409",
"trust": 0.6
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-12-179-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "7E8E718C-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "91CAF706-1F62-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D775F8F-463F-11E9-B72E-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "113312",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7e8e718c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "91caf706-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d775f8f-463f-11e9-b72e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8319"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003745"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4353"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-322"
}
]
},
"id": "VAR-201208-0289",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7e8e718c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "91caf706-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d775f8f-463f-11e9-b72e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8319"
}
],
"trust": 2.675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.8
}
],
"sources": [
{
"db": "IVD",
"id": "7e8e718c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "91caf706-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d775f8f-463f-11e9-b72e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8319"
}
]
},
"last_update_date": "2023-12-18T12:09:48.805000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Winlog Pro SCADA and Winlog Lite SCADA 2.07.17",
"trust": 0.8,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=69"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003745"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003745"
},
{
"db": "NVD",
"id": "CVE-2012-4353"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-213-01.pdf"
},
{
"trust": 1.6,
"url": "http://aluigi.org/adv/winlog_2-adv.txt"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/49395"
},
{
"trust": 1.6,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=69"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4353"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4353"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/19409/"
},
{
"trust": 0.3,
"url": "http://aluigi.altervista.org/adv/winlog_2-adv.txt"
},
{
"trust": 0.3,
"url": "http://www.sielcosistemi.com/en/products/winlog_scada_hmi/"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-12-179-01.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.s3cur1ty.de/m1adv2012-001"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8319"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003745"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4353"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-322"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7e8e718c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "91caf706-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d775f8f-463f-11e9-b72e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8319"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003745"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4353"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-322"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-20T00:00:00",
"db": "IVD",
"id": "7e8e718c-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-06-29T00:00:00",
"db": "IVD",
"id": "91caf706-1f62-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-20T00:00:00",
"db": "IVD",
"id": "7d775f8f-463f-11e9-b72e-000c29342cb1"
},
{
"date": "2012-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8319"
},
{
"date": "2012-06-26T00:00:00",
"db": "BID",
"id": "54212"
},
{
"date": "2012-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003745"
},
{
"date": "2012-06-06T03:39:38",
"db": "PACKETSTORM",
"id": "113312"
},
{
"date": "2012-08-19T20:55:01.440000",
"db": "NVD",
"id": "CVE-2012-4353"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-322"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8319"
},
{
"date": "2015-03-19T08:22:00",
"db": "BID",
"id": "54212"
},
{
"date": "2012-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003745"
},
{
"date": "2012-08-20T04:00:00",
"db": "NVD",
"id": "CVE-2012-4353"
},
{
"date": "2012-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-322"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-322"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7e8e718c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d775f8f-463f-11e9-b72e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8319"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-322"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7e8e718c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "91caf706-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d775f8f-463f-11e9-b72e-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-322"
}
],
"trust": 1.2
}
}
VAR-201208-0290
Vulnerability from variot - Updated: 2023-12-18 12:09TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Vulnerabilities in TCPIPS_Story.dll in versions of Sielco Sistemi Winlog Pro prior to SCADA 2.07.17 and versions prior to Winlog Lite SCADA 2.07.17. Winlog Pro is prone to the following security vulnerabilities: 1. Multiple code-execution vulnerabilities. 2. A stack-based buffer-overflow vulnerability. 3. A directory-traversal vulnerability. Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA49395
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49395/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE: 2012-06-06
DISCUSS ADVISORY: http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: m1k3 has discovered a vulnerability in Winlog, which can be exploited by malicious people to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code, but requires a project to be configured for TCP server mode (not by default).
The vulnerability is confirmed in version 2.07.14. Other versions may also be affected.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: m1k3
ORIGINAL ADVISORY: http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0290",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 1.5,
"vendor": "sielco",
"version": "2.7"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog lite",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "winlog pro",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7.9"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7.1"
},
{
"model": "winlog lite",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "scada 2.07.17"
},
{
"model": "winlog pro",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "scada 2.07.17"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7f1c3b16-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773881-463f-11e9-92a0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8318"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003746"
},
{
"db": "NVD",
"id": "CVE-2012-4354"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-323"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4354"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "54212"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4354",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-4354",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2012-8318",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "7f1c3b16-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "7d773881-463f-11e9-92a0-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4354",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2012-8318",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-323",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7f1c3b16-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d773881-463f-11e9-92a0-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7f1c3b16-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773881-463f-11e9-92a0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8318"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003746"
},
{
"db": "NVD",
"id": "CVE-2012-4354"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-323"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Vulnerabilities in TCPIPS_Story.dll in versions of Sielco Sistemi Winlog Pro prior to SCADA 2.07.17 and versions prior to Winlog Lite SCADA 2.07.17. Winlog Pro is prone to the following security vulnerabilities:\n1. Multiple code-execution vulnerabilities. \n2. A stack-based buffer-overflow vulnerability. \n3. A directory-traversal vulnerability. \nAttackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nWinlog Packet Processing Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA49395\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49395/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nRELEASE DATE:\n2012-06-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49395/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49395/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nm1k3 has discovered a vulnerability in Winlog, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nSuccessful exploitation allows execution of arbitrary code, but\nrequires a project to be configured for TCP server mode (not by\ndefault). \n\nThe vulnerability is confirmed in version 2.07.14. Other versions may\nalso be affected. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nm1k3\n\nORIGINAL ADVISORY:\nhttp://www.s3cur1ty.de/m1adv2012-001\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4354"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003746"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8318"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "IVD",
"id": "7f1c3b16-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773881-463f-11e9-92a0-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "113312"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4354",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-12-213-01",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "49395",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2012-8318",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201208-323",
"trust": 1.0
},
{
"db": "BID",
"id": "54212",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003746",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "19409",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2012-3401",
"trust": 0.6
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-12-179-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "7F1C3B16-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D773881-463F-11E9-92A0-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "113312",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7f1c3b16-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773881-463f-11e9-92a0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8318"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003746"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4354"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-323"
}
]
},
"id": "VAR-201208-0290",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7f1c3b16-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773881-463f-11e9-92a0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8318"
}
],
"trust": 2.475
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "7f1c3b16-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773881-463f-11e9-92a0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8318"
}
]
},
"last_update_date": "2023-12-18T12:09:48.749000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Winlog Pro SCADA and Winlog Lite SCADA 2.07.17",
"trust": 0.8,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=69"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003746"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003746"
},
{
"db": "NVD",
"id": "CVE-2012-4354"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-213-01.pdf"
},
{
"trust": 1.6,
"url": "http://aluigi.org/adv/winlog_2-adv.txt"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/49395"
},
{
"trust": 1.6,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=69"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4354"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4354"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/19409/"
},
{
"trust": 0.3,
"url": "http://aluigi.altervista.org/adv/winlog_2-adv.txt"
},
{
"trust": 0.3,
"url": "http://www.sielcosistemi.com/en/products/winlog_scada_hmi/"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-12-179-01.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.s3cur1ty.de/m1adv2012-001"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8318"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003746"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4354"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-323"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7f1c3b16-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773881-463f-11e9-92a0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8318"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003746"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4354"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-323"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-20T00:00:00",
"db": "IVD",
"id": "7f1c3b16-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-20T00:00:00",
"db": "IVD",
"id": "7d773881-463f-11e9-92a0-000c29342cb1"
},
{
"date": "2012-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8318"
},
{
"date": "2012-06-26T00:00:00",
"db": "BID",
"id": "54212"
},
{
"date": "2012-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003746"
},
{
"date": "2012-06-06T03:39:38",
"db": "PACKETSTORM",
"id": "113312"
},
{
"date": "2012-08-19T20:55:01.690000",
"db": "NVD",
"id": "CVE-2012-4354"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-323"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8318"
},
{
"date": "2015-03-19T08:22:00",
"db": "BID",
"id": "54212"
},
{
"date": "2012-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003746"
},
{
"date": "2012-08-20T04:00:00",
"db": "NVD",
"id": "CVE-2012-4354"
},
{
"date": "2012-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-323"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-323"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7f1c3b16-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d773881-463f-11e9-92a0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8318"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-323"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-323"
}
],
"trust": 0.6
}
}
VAR-201208-0287
Vulnerability from variot - Updated: 2023-12-18 12:09Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. A vulnerability exists in Sielco Sistemi Winlog Pro versions prior to SCADA 2.07.17 and versions prior to Winlog Lite SCADA 2.07.17. The vulnerability stems from the unverified ‘realloc’ function return value. Winlog Pro is prone to the following security vulnerabilities: 1. Multiple code-execution vulnerabilities. 2. A stack-based buffer-overflow vulnerability. 3. A directory-traversal vulnerability. Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA49395
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49395/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE: 2012-06-06
DISCUSS ADVISORY: http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: m1k3 has discovered a vulnerability in Winlog, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in RunTime.exe when processing packets and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 46824.
Successful exploitation allows execution of arbitrary code, but requires a project to be configured for TCP server mode (not by default).
The vulnerability is confirmed in version 2.07.14. Other versions may also be affected.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: m1k3
ORIGINAL ADVISORY: http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0287",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 1.5,
"vendor": "sielco",
"version": "2.7"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog lite",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "winlog pro",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7.9"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7.1"
},
{
"model": "winlog lite",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "scada 2.07.17"
},
{
"model": "winlog pro",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "scada 2.07.17"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7eeb0b54-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771170-463f-11e9-9abd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8314"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003750"
},
{
"db": "NVD",
"id": "CVE-2012-4358"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-327"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4358"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "54212"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4358",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-4358",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-8314",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7eeb0b54-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d771170-463f-11e9-9abd-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4358",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2012-8314",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-327",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7eeb0b54-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d771170-463f-11e9-9abd-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7eeb0b54-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771170-463f-11e9-9abd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8314"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003750"
},
{
"db": "NVD",
"id": "CVE-2012-4358"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-327"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. SIELCO SISTEMI Winlog has multiple security vulnerabilities, including: (1), DbiGetRecordCount code execution; (2), @Db@TDataSet@Close$qqrv code execution; (3), DbiSetToRecordNo code execution; (4), TCPIPS_BinOpenFileFP stack overflow; (5), directory traversal; (6), arbitrary byte write memory. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. A vulnerability exists in Sielco Sistemi Winlog Pro versions prior to SCADA 2.07.17 and versions prior to Winlog Lite SCADA 2.07.17. The vulnerability stems from the unverified \u0026lsquo;realloc\u0026rsquo; function return value. Winlog Pro is prone to the following security vulnerabilities:\n1. Multiple code-execution vulnerabilities. \n2. A stack-based buffer-overflow vulnerability. \n3. A directory-traversal vulnerability. \nAttackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nWinlog Packet Processing Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA49395\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49395/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nRELEASE DATE:\n2012-06-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49395/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49395/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nm1k3 has discovered a vulnerability in Winlog, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to an error in RunTime.exe when\nprocessing packets and can be exploited to cause a stack-based buffer\noverflow via a specially crafted packet sent to TCP port 46824. \n\nSuccessful exploitation allows execution of arbitrary code, but\nrequires a project to be configured for TCP server mode (not by\ndefault). \n\nThe vulnerability is confirmed in version 2.07.14. Other versions may\nalso be affected. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nm1k3\n\nORIGINAL ADVISORY:\nhttp://www.s3cur1ty.de/m1adv2012-001\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4358"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003750"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8314"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "IVD",
"id": "7eeb0b54-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771170-463f-11e9-9abd-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "113312"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4358",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-12-213-01",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "49395",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2012-8314",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201208-327",
"trust": 1.0
},
{
"db": "BID",
"id": "54212",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003750",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "19409",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2012-3401",
"trust": 0.6
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-12-179-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "7EEB0B54-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D771170-463F-11E9-9ABD-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "113312",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7eeb0b54-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771170-463f-11e9-9abd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8314"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003750"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4358"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-327"
}
]
},
"id": "VAR-201208-0287",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7eeb0b54-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771170-463f-11e9-9abd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8314"
}
],
"trust": 2.475
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "7eeb0b54-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771170-463f-11e9-9abd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8314"
}
]
},
"last_update_date": "2023-12-18T12:09:48.679000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Winlog Pro SCADA and Winlog Lite SCADA 2.07.17",
"trust": 0.8,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=69"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003750"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003750"
},
{
"db": "NVD",
"id": "CVE-2012-4358"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-213-01.pdf"
},
{
"trust": 1.6,
"url": "http://aluigi.org/adv/winlog_2-adv.txt"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/49395"
},
{
"trust": 1.6,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=69"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4358"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4358"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/19409/"
},
{
"trust": 0.3,
"url": "http://aluigi.altervista.org/adv/winlog_2-adv.txt"
},
{
"trust": 0.3,
"url": "http://www.sielcosistemi.com/en/products/winlog_scada_hmi/"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-12-179-01.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.s3cur1ty.de/m1adv2012-001"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8314"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003750"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4358"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-327"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7eeb0b54-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771170-463f-11e9-9abd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8314"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003750"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4358"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-327"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-20T00:00:00",
"db": "IVD",
"id": "7eeb0b54-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-20T00:00:00",
"db": "IVD",
"id": "7d771170-463f-11e9-9abd-000c29342cb1"
},
{
"date": "2012-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8314"
},
{
"date": "2012-06-26T00:00:00",
"db": "BID",
"id": "54212"
},
{
"date": "2012-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003750"
},
{
"date": "2012-06-06T03:39:38",
"db": "PACKETSTORM",
"id": "113312"
},
{
"date": "2012-08-19T20:55:01.957000",
"db": "NVD",
"id": "CVE-2012-4358"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-327"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8314"
},
{
"date": "2015-03-19T08:22:00",
"db": "BID",
"id": "54212"
},
{
"date": "2012-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003750"
},
{
"date": "2012-08-20T04:00:00",
"db": "NVD",
"id": "CVE-2012-4358"
},
{
"date": "2012-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-327"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-327"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "7eeb0b54-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771170-463f-11e9-9abd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8314"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-327"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "7eeb0b54-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771170-463f-11e9-9abd-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-327"
}
],
"trust": 1.0
}
}
VAR-201208-0285
Vulnerability from variot - Updated: 2023-12-18 12:09Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98. For opening files Opcode 0x78 and .. ( Dot dot ) Port number with pathname including 46824 To TCP packet For reading files Opcode (1) 0x96 , (2) 0x97 , (3) 0x98 Port number with 46824 To TCP packet. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Read file operations to read any file. Winlog Pro is prone to the following security vulnerabilities: 1. Multiple code-execution vulnerabilities. 2. A stack-based buffer-overflow vulnerability. 3. A directory-traversal vulnerability. Attackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. Winlog Pro 2.07.16 and prior are vulnerable. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Winlog Packet Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA49395
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49395/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
RELEASE DATE: 2012-06-06
DISCUSS ADVISORY: http://secunia.com/advisories/49395/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49395/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49395
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: m1k3 has discovered a vulnerability in Winlog, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in RunTime.exe when processing packets and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 46824.
Successful exploitation allows execution of arbitrary code, but requires a project to be configured for TCP server mode (not by default).
The vulnerability is confirmed in version 2.07.14. Other versions may also be affected.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: m1k3
ORIGINAL ADVISORY: http://www.s3cur1ty.de/m1adv2012-001
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0285",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.6,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 1.5,
"vendor": "sielco",
"version": "2.7"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.00"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.09"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.10"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.11"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.04"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.01"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.28"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.50"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.09"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.86"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.24"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.08"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.40"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.60"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.25"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.12"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.46"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.06"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.14"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.00"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.18"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.03"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.13"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.21"
},
{
"model": "winlog pro",
"scope": "eq",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.06.73"
},
{
"model": "winlog lite",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "winlog pro",
"scope": "lte",
"trust": 1.0,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7.9"
},
{
"model": "sistemi winlog pro",
"scope": "eq",
"trust": 0.9,
"vendor": "sielco",
"version": "2.7.1"
},
{
"model": "winlog lite",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "scada 2.07.17"
},
{
"model": "winlog pro",
"scope": "lt",
"trust": 0.8,
"vendor": "sielco sistemi",
"version": "scada 2.07.17"
},
{
"model": "winlog lite",
"scope": "eq",
"trust": 0.6,
"vendor": "sielcosistemi",
"version": "2.07.16"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "2.07.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog pro",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.03"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.04"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.06"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.18"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.25"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.28"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.46"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.50"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.60"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.73"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.06.86"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.09"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "2.07.14"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "winlog lite",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7f01cf7e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771171-463f-11e9-b8ff-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8316"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003748"
},
{
"db": "NVD",
"id": "CVE-2012-4356"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-325"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.07.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sielcosistemi:winlog_lite:2.06.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4356"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "54212"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4356",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-4356",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-8316",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7f01cf7e-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d771171-463f-11e9-b8ff-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4356",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2012-8316",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-325",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7f01cf7e-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d771171-463f-11e9-b8ff-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2012-4356",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7f01cf7e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771171-463f-11e9-b8ff-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-8316"
},
{
"db": "VULMON",
"id": "CVE-2012-4356"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003748"
},
{
"db": "NVD",
"id": "CVE-2012-4356"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-325"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98. For opening files Opcode 0x78 and .. ( Dot dot ) Port number with pathname including 46824 To TCP packet For reading files Opcode (1) 0x96 , (2) 0x97 , (3) 0x98 Port number with 46824 To TCP packet. SIELCO SISTEMI Winlog is an application for data acquisition and remote control of SCADA HMI monitoring software. Winlog Pro is a SCADA/HMI software package for managing industrial and civil plants. Read file operations to read any file. Winlog Pro is prone to the following security vulnerabilities:\n1. Multiple code-execution vulnerabilities. \n2. A stack-based buffer-overflow vulnerability. \n3. A directory-traversal vulnerability. \nAttackers can leverage these issues to perform unauthorized actions through directory traversal attacks, run arbitrary code, or cause a denial of service. Other attacks may also be possible. \nWinlog Pro 2.07.16 and prior are vulnerable. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nWinlog Packet Processing Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA49395\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49395/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nRELEASE DATE:\n2012-06-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49395/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49395/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nm1k3 has discovered a vulnerability in Winlog, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to an error in RunTime.exe when\nprocessing packets and can be exploited to cause a stack-based buffer\noverflow via a specially crafted packet sent to TCP port 46824. \n\nSuccessful exploitation allows execution of arbitrary code, but\nrequires a project to be configured for TCP server mode (not by\ndefault). \n\nThe vulnerability is confirmed in version 2.07.14. Other versions may\nalso be affected. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nm1k3\n\nORIGINAL ADVISORY:\nhttp://www.s3cur1ty.de/m1adv2012-001\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4356"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003748"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8316"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "IVD",
"id": "7f01cf7e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771171-463f-11e9-b8ff-000c29342cb1"
},
{
"db": "VULMON",
"id": "CVE-2012-4356"
},
{
"db": "PACKETSTORM",
"id": "113312"
}
],
"trust": 3.51
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=19409",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-4356"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4356",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-12-213-01",
"trust": 3.4
},
{
"db": "SECUNIA",
"id": "49395",
"trust": 1.8
},
{
"db": "CNVD",
"id": "CNVD-2012-8316",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201208-325",
"trust": 1.0
},
{
"db": "BID",
"id": "54212",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003748",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "19409",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-3401",
"trust": 0.6
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-12-179-01",
"trust": 0.3
},
{
"db": "IVD",
"id": "7F01CF7E-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D771171-463F-11E9-B8FF-000C29342CB1",
"trust": 0.2
},
{
"db": "ICS CERT",
"id": "ICSA-12-213-01A",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2012-4356",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113312",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7f01cf7e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771171-463f-11e9-b8ff-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8316"
},
{
"db": "VULMON",
"id": "CVE-2012-4356"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003748"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4356"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-325"
}
]
},
"id": "VAR-201208-0285",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7f01cf7e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771171-463f-11e9-b8ff-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8316"
}
],
"trust": 2.475
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "7f01cf7e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771171-463f-11e9-b8ff-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8316"
}
]
},
"last_update_date": "2023-12-18T12:09:48.620000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Winlog Pro SCADA and Winlog Lite SCADA 2.07.17",
"trust": 0.8,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=69"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003748"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003748"
},
{
"db": "NVD",
"id": "CVE-2012-4356"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-213-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.sielcosistemi.com/en/news/index.html?id=69"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/49395"
},
{
"trust": 1.7,
"url": "http://aluigi.org/adv/winlog_2-adv.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4356"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4356"
},
{
"trust": 0.7,
"url": "http://www.exploit-db.com/exploits/19409/"
},
{
"trust": 0.3,
"url": "http://aluigi.altervista.org/adv/winlog_2-adv.txt"
},
{
"trust": 0.3,
"url": "http://www.sielcosistemi.com/en/products/winlog_scada_hmi/"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-12-179-01.pdf"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/auxiliary/scanner/scada/sielco_winlog_fileaccess"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-12-213-01a"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49395/"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.s3cur1ty.de/m1adv2012-001"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49395"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8316"
},
{
"db": "VULMON",
"id": "CVE-2012-4356"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003748"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4356"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-325"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7f01cf7e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771171-463f-11e9-b8ff-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"db": "CNVD",
"id": "CNVD-2012-8316"
},
{
"db": "VULMON",
"id": "CVE-2012-4356"
},
{
"db": "BID",
"id": "54212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003748"
},
{
"db": "PACKETSTORM",
"id": "113312"
},
{
"db": "NVD",
"id": "CVE-2012-4356"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-325"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-20T00:00:00",
"db": "IVD",
"id": "7f01cf7e-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-20T00:00:00",
"db": "IVD",
"id": "7d771171-463f-11e9-b8ff-000c29342cb1"
},
{
"date": "2012-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8316"
},
{
"date": "2012-08-19T00:00:00",
"db": "VULMON",
"id": "CVE-2012-4356"
},
{
"date": "2012-06-26T00:00:00",
"db": "BID",
"id": "54212"
},
{
"date": "2012-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003748"
},
{
"date": "2012-06-06T03:39:38",
"db": "PACKETSTORM",
"id": "113312"
},
{
"date": "2012-08-19T20:55:01.863000",
"db": "NVD",
"id": "CVE-2012-4356"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-325"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3401"
},
{
"date": "2012-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8316"
},
{
"date": "2012-08-20T00:00:00",
"db": "VULMON",
"id": "CVE-2012-4356"
},
{
"date": "2015-03-19T08:22:00",
"db": "BID",
"id": "54212"
},
{
"date": "2012-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003748"
},
{
"date": "2012-08-20T16:16:14.573000",
"db": "NVD",
"id": "CVE-2012-4356"
},
{
"date": "2012-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-325"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-325"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sielco Sistemi Winlog Pro SCADA/Winlog Lite SCADA Multiple Directory Traversal Vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8316"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-325"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "7f01cf7e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d771171-463f-11e9-b8ff-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-325"
}
],
"trust": 1.0
}
}
CVE-2023-46665 (GCVE-0-2023-46665)
Vulnerability from cvelistv5 – Published: 2023-10-26 20:08 – Updated: 2025-01-16 21:26
VLAI
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:24.780289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:26:57.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eSielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.\u003c/p\u003e\u003cbr\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T20:08:22.908Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46665",
"datePublished": "2023-10-26T20:08:22.908Z",
"dateReserved": "2023-10-24T16:27:17.282Z",
"dateUpdated": "2025-01-16T21:26:57.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46664 (GCVE-0-2023-46664)
Vulnerability from cvelistv5 – Published: 2023-10-26 20:04 – Updated: 2025-01-16 21:27
VLAI
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:36.232976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:05.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eSielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T20:04:33.638Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46664",
"datePublished": "2023-10-26T20:04:33.638Z",
"dateReserved": "2023-10-24T16:27:17.282Z",
"dateUpdated": "2025-01-16T21:27:05.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46663 (GCVE-0-2023-46663)
Vulnerability from cvelistv5 – Published: 2023-10-26 20:02 – Updated: 2025-01-16 21:27
VLAI
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:39.161131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:13.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.\u003c/p\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T20:02:24.004Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46663",
"datePublished": "2023-10-26T20:02:24.004Z",
"dateReserved": "2023-10-24T16:27:17.282Z",
"dateUpdated": "2025-01-16T21:27:13.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46662 (GCVE-0-2023-46662)
Vulnerability from cvelistv5 – Published: 2023-10-26 20:00 – Updated: 2025-01-16 21:27
VLAI
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:42.009994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:22.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\nSielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T20:00:05.085Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46662",
"datePublished": "2023-10-26T20:00:05.085Z",
"dateReserved": "2023-10-24T16:27:17.282Z",
"dateUpdated": "2025-01-16T21:27:22.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46661 (GCVE-0-2023-46661)
Vulnerability from cvelistv5 – Published: 2023-10-26 19:57 – Updated: 2025-01-16 21:27
VLAI
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:27.511840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:31.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nSielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T19:57:12.046Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46661",
"datePublished": "2023-10-26T19:57:12.046Z",
"dateReserved": "2023-10-24T16:27:17.281Z",
"dateUpdated": "2025-01-16T21:27:31.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5754 (GCVE-0-2023-5754)
Vulnerability from cvelistv5 – Published: 2023-10-26 19:47 – Updated: 2025-01-16 21:27
VLAI
Title
Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000
Summary
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:31.175439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:38.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\nSielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T19:47:06.226Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5754",
"datePublished": "2023-10-26T19:47:06.226Z",
"dateReserved": "2023-10-24T16:24:16.565Z",
"dateUpdated": "2025-01-16T21:27:38.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0897 (GCVE-0-2023-0897)
Vulnerability from cvelistv5 – Published: 2023-10-26 19:44 – Updated: 2025-01-16 21:27
VLAI
Title
Session FIxation in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-384 - Session Fixation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:00.626921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:45.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nSielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T19:44:01.703Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Session FIxation in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-0897",
"datePublished": "2023-10-26T19:44:01.703Z",
"dateReserved": "2023-02-17T21:23:31.932Z",
"dateUpdated": "2025-01-16T21:27:45.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41966 (GCVE-0-2023-41966)
Vulnerability from cvelistv5 – Published: 2023-10-26 16:21 – Updated: 2025-01-16 21:28
VLAI
Title
Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions
Summary
The application suffers from a privilege escalation vulnerability. A
user with read permissions can elevate privileges by sending a HTTP POST
to set a parameter.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-267 - Privilege Defined With Unsafe Actions
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | Analog FM transmitter |
Affected:
2.12 (EXC5000GX)
Affected: 2.12 (EXC120GX) Affected: 2.11 (EXC300GX) Affected: 2.10 (EXC1600GX) Affected: 2.10 (EXC2000GX) Affected: 2.08 (EXC1600GX) Affected: 2.08 (EXC1000GX) Affected: 2.07 (EXC3000GX) Affected: 2.06 (EXC5000GX) Affected: 1.7.7 (EXC30GT) Affected: 1.7.4 (EXC300GT) Affected: 1.7.4 (EXC100GT) Affected: 1.7.4 (EXC5000GT) Affected: 1.6.3 (EXC1000GT) Affected: 1.5.4 (EXC120GT) |
|
| Sielco | Radio Link |
Affected:
2.06 (RTX19)
Affected: 2.05 (RTX19) Affected: 2.00 (EXC19) Affected: 1.60 (RTX19) Affected: 1.59 (RTX19) Affected: 1.55 (EXC19) |
Date Public
2023-10-26 16:02
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sielco.org/en/contacts"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:18:51.607180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:28:02.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Analog FM transmitter",
"vendor": "Sielco",
"versions": [
{
"status": "affected",
"version": "2.12 (EXC5000GX)"
},
{
"status": "affected",
"version": "2.12 (EXC120GX)"
},
{
"status": "affected",
"version": "2.11 (EXC300GX)"
},
{
"status": "affected",
"version": "2.10 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.10 (EXC2000GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1000GX)"
},
{
"status": "affected",
"version": "2.07 (EXC3000GX)"
},
{
"status": "affected",
"version": "2.06 (EXC5000GX)"
},
{
"status": "affected",
"version": "1.7.7 (EXC30GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC300GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC100GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC5000GT)"
},
{
"status": "affected",
"version": "1.6.3 (EXC1000GT)"
},
{
"status": "affected",
"version": "1.5.4 (EXC120GT)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Radio Link",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "2.06 (RTX19)"
},
{
"status": "affected",
"version": "2.05 (RTX19)"
},
{
"status": "affected",
"version": "2.00 (EXC19)"
},
{
"status": "affected",
"version": "1.60 (RTX19)"
},
{
"status": "affected",
"version": "1.59 (RTX19)"
},
{
"status": "affected",
"version": "1.55 (EXC19)"
}
]
}
],
"datePublic": "2023-10-26T16:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"
}
],
"value": "\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T16:21:56.412Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"url": "https://www.sielco.org/en/contacts"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-41966",
"datePublished": "2023-10-26T16:21:56.412Z",
"dateReserved": "2023-10-25T15:23:55.519Z",
"dateUpdated": "2025-01-16T21:28:02.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45228 (GCVE-0-2023-45228)
Vulnerability from cvelistv5 – Published: 2023-10-26 16:19 – Updated: 2025-01-16 21:28
VLAI
Title
Sielco Radio Link and Analog FM Transmitters Improper Access Control
Summary
The application suffers from improper access control when editing users.
A user with read permissions can manipulate users, passwords, and
permissions by sending a single HTTP POST request with modified
parameters.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | Analog FM transmitter |
Affected:
2.12 (EXC5000GX)
Affected: 2.12 (EXC120GX) Affected: 2.11 (EXC300GX) Affected: 2.10 (EXC1600GX) Affected: 2.10 (EXC2000GX) Affected: 2.08 (EXC1600GX) Affected: 2.08 (EXC1000GX) Affected: 2.07 (EXC3000GX) Affected: 2.06 (EXC5000GX) Affected: 1.7.7 (EXC30GT) Affected: 1.7.4 (EXC300GT) Affected: 1.7.4 (EXC100GT) Affected: 1.7.4 (EXC5000GT) Affected: 1.6.3 (EXC1000GT) Affected: 1.5.4 (EXC120GT) |
|
| Sielco | Radio Link |
Affected:
2.06 (RTX19)
Affected: 2.05 (RTX19) Affected: 2.00 (EXC19) Affected: 1.60 (RTX19) Affected: 1.59 (RTX19) Affected: 1.55 (EXC19) |
Date Public
2023-10-26 16:02
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sielco.org/en/contacts"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:18:55.827236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:28:09.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Analog FM transmitter",
"vendor": "Sielco",
"versions": [
{
"status": "affected",
"version": "2.12 (EXC5000GX)"
},
{
"status": "affected",
"version": "2.12 (EXC120GX)"
},
{
"status": "affected",
"version": "2.11 (EXC300GX)"
},
{
"status": "affected",
"version": "2.10 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.10 (EXC2000GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1000GX)"
},
{
"status": "affected",
"version": "2.07 (EXC3000GX)"
},
{
"status": "affected",
"version": "2.06 (EXC5000GX)"
},
{
"status": "affected",
"version": "1.7.7 (EXC30GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC300GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC100GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC5000GT)"
},
{
"status": "affected",
"version": "1.6.3 (EXC1000GT)"
},
{
"status": "affected",
"version": "1.5.4 (EXC120GT)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Radio Link",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "2.06 (RTX19)"
},
{
"status": "affected",
"version": "2.05 (RTX19)"
},
{
"status": "affected",
"version": "2.00 (EXC19)"
},
{
"status": "affected",
"version": "1.60 (RTX19)"
},
{
"status": "affected",
"version": "1.59 (RTX19)"
},
{
"status": "affected",
"version": "1.55 (EXC19)"
}
]
}
],
"datePublic": "2023-10-26T16:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\nThe application suffers from improper access control when editing users.\n A user with read permissions can manipulate users, passwords, and \npermissions by sending a single HTTP POST request with modified \nparameters.\n\n\n\n\n\n"
}
],
"value": "\n\nThe application suffers from improper access control when editing users.\n A user with read permissions can manipulate users, passwords, and \npermissions by sending a single HTTP POST request with modified \nparameters.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T16:19:41.642Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"url": "https://www.sielco.org/en/contacts"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sielco Radio Link and Analog FM Transmitters Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-45228",
"datePublished": "2023-10-26T16:19:41.642Z",
"dateReserved": "2023-10-25T15:23:55.527Z",
"dateUpdated": "2025-01-16T21:28:09.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45317 (GCVE-0-2023-45317)
Vulnerability from cvelistv5 – Published: 2023-10-26 16:17 – Updated: 2025-01-16 21:28
VLAI
Title
Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery
Summary
The application interface allows users to perform certain actions via
HTTP requests without performing any validity checks to verify the
requests. This can be exploited to perform certain actions with
administrative privileges if a logged-in user visits a malicious web
site.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | Analog FM transmitter |
Affected:
2.12 (EXC5000GX)
Affected: 2.12 (EXC120GX) Affected: 2.11 (EXC300GX) Affected: 2.10 (EXC1600GX) Affected: 2.10 (EXC2000GX) Affected: 2.08 (EXC1600GX) Affected: 2.08 (EXC1000GX) Affected: 2.07 (EXC3000GX) Affected: 2.06 (EXC5000GX) Affected: 1.7.7 (EXC30GT) Affected: 1.7.4 (EXC300GT) Affected: 1.7.4 (EXC100GT) Affected: 1.7.4 (EXC5000GT) Affected: 1.6.3 (EXC1000GT) Affected: 1.5.4 (EXC120GT) |
|
| Sielco | Radio Link |
Affected:
2.06 (RTX19)
Affected: 2.05 (RTX19) Affected: 2.00 (EXC19) Affected: 1.60 (RTX19) Affected: 1.59 (RTX19) Affected: 1.55 (EXC19) |
Date Public
2023-10-26 16:02
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:15.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sielco.org/en/contacts"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:07.199578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:28:15.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Analog FM transmitter",
"vendor": "Sielco",
"versions": [
{
"status": "affected",
"version": "2.12 (EXC5000GX)"
},
{
"status": "affected",
"version": "2.12 (EXC120GX)"
},
{
"status": "affected",
"version": "2.11 (EXC300GX)"
},
{
"status": "affected",
"version": "2.10 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.10 (EXC2000GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1000GX)"
},
{
"status": "affected",
"version": "2.07 (EXC3000GX)"
},
{
"status": "affected",
"version": "2.06 (EXC5000GX)"
},
{
"status": "affected",
"version": "1.7.7 (EXC30GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC300GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC100GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC5000GT)"
},
{
"status": "affected",
"version": "1.6.3 (EXC1000GT)"
},
{
"status": "affected",
"version": "1.5.4 (EXC120GT)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Radio Link",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "2.06 (RTX19)"
},
{
"status": "affected",
"version": "2.05 (RTX19)"
},
{
"status": "affected",
"version": "2.00 (EXC19)"
},
{
"status": "affected",
"version": "1.60 (RTX19)"
},
{
"status": "affected",
"version": "1.59 (RTX19)"
},
{
"status": "affected",
"version": "1.55 (EXC19)"
}
]
}
],
"datePublic": "2023-10-26T16:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"
}
],
"value": "\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T16:17:37.365Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"url": "https://www.sielco.org/en/contacts"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-45317",
"datePublished": "2023-10-26T16:17:37.365Z",
"dateReserved": "2023-10-25T15:23:55.532Z",
"dateUpdated": "2025-01-16T21:28:15.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46665 (GCVE-0-2023-46665)
Vulnerability from nvd – Published: 2023-10-26 20:08 – Updated: 2025-01-16 21:26
VLAI
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:24.780289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:26:57.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eSielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.\u003c/p\u003e\u003cbr\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T20:08:22.908Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46665",
"datePublished": "2023-10-26T20:08:22.908Z",
"dateReserved": "2023-10-24T16:27:17.282Z",
"dateUpdated": "2025-01-16T21:26:57.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46664 (GCVE-0-2023-46664)
Vulnerability from nvd – Published: 2023-10-26 20:04 – Updated: 2025-01-16 21:27
VLAI
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:36.232976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:05.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eSielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T20:04:33.638Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46664",
"datePublished": "2023-10-26T20:04:33.638Z",
"dateReserved": "2023-10-24T16:27:17.282Z",
"dateUpdated": "2025-01-16T21:27:05.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46663 (GCVE-0-2023-46663)
Vulnerability from nvd – Published: 2023-10-26 20:02 – Updated: 2025-01-16 21:27
VLAI
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:39.161131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:13.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.\u003c/p\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T20:02:24.004Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46663",
"datePublished": "2023-10-26T20:02:24.004Z",
"dateReserved": "2023-10-24T16:27:17.282Z",
"dateUpdated": "2025-01-16T21:27:13.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46662 (GCVE-0-2023-46662)
Vulnerability from nvd – Published: 2023-10-26 20:00 – Updated: 2025-01-16 21:27
VLAI
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:42.009994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:22.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\nSielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T20:00:05.085Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46662",
"datePublished": "2023-10-26T20:00:05.085Z",
"dateReserved": "2023-10-24T16:27:17.282Z",
"dateUpdated": "2025-01-16T21:27:22.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46661 (GCVE-0-2023-46661)
Vulnerability from nvd – Published: 2023-10-26 19:57 – Updated: 2025-01-16 21:27
VLAI
Title
Improper Access Control in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:27.511840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:31.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nSielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T19:57:12.046Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-46661",
"datePublished": "2023-10-26T19:57:12.046Z",
"dateReserved": "2023-10-24T16:27:17.281Z",
"dateUpdated": "2025-01-16T21:27:31.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5754 (GCVE-0-2023-5754)
Vulnerability from nvd – Published: 2023-10-26 19:47 – Updated: 2025-01-16 21:27
VLAI
Title
Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000
Summary
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:31.175439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:38.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eSielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\nSielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T19:47:06.226Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5754",
"datePublished": "2023-10-26T19:47:06.226Z",
"dateReserved": "2023-10-24T16:24:16.565Z",
"dateUpdated": "2025-01-16T21:27:38.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0897 (GCVE-0-2023-0897)
Vulnerability from nvd – Published: 2023-10-26 19:44 – Updated: 2025-01-16 21:27
VLAI
Title
Session FIxation in Sielco PolyEco1000
Summary
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-384 - Session Fixation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | PolyEco1000 |
Affected:
CPU:2.0.6 FPGA:10.19
Affected: CPU:1.9.4 FPGA:10.19 Affected: CPU:1.9.3 FPGA:10.19 Affected: CPU:1.7.0 FPGA:10.16 Affected: CPU:2.0.2 FPGA:10.19 Affected: CPU:2.0.0 FPGA:10.19 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:00.626921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:27:45.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PolyEco1000",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "CPU:2.0.6 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.4 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.9.3 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:1.7.0 FPGA:10.16"
},
{
"status": "affected",
"version": "CPU:2.0.2 FPGA:10.19"
},
{
"status": "affected",
"version": "CPU:2.0.0 FPGA:10.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Gjoko Krstic"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eSielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nSielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T19:44:01.703Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Session FIxation in Sielco PolyEco1000",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-0897",
"datePublished": "2023-10-26T19:44:01.703Z",
"dateReserved": "2023-02-17T21:23:31.932Z",
"dateUpdated": "2025-01-16T21:27:45.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41966 (GCVE-0-2023-41966)
Vulnerability from nvd – Published: 2023-10-26 16:21 – Updated: 2025-01-16 21:28
VLAI
Title
Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions
Summary
The application suffers from a privilege escalation vulnerability. A
user with read permissions can elevate privileges by sending a HTTP POST
to set a parameter.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-267 - Privilege Defined With Unsafe Actions
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | Analog FM transmitter |
Affected:
2.12 (EXC5000GX)
Affected: 2.12 (EXC120GX) Affected: 2.11 (EXC300GX) Affected: 2.10 (EXC1600GX) Affected: 2.10 (EXC2000GX) Affected: 2.08 (EXC1600GX) Affected: 2.08 (EXC1000GX) Affected: 2.07 (EXC3000GX) Affected: 2.06 (EXC5000GX) Affected: 1.7.7 (EXC30GT) Affected: 1.7.4 (EXC300GT) Affected: 1.7.4 (EXC100GT) Affected: 1.7.4 (EXC5000GT) Affected: 1.6.3 (EXC1000GT) Affected: 1.5.4 (EXC120GT) |
|
| Sielco | Radio Link |
Affected:
2.06 (RTX19)
Affected: 2.05 (RTX19) Affected: 2.00 (EXC19) Affected: 1.60 (RTX19) Affected: 1.59 (RTX19) Affected: 1.55 (EXC19) |
Date Public
2023-10-26 16:02
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sielco.org/en/contacts"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:18:51.607180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:28:02.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Analog FM transmitter",
"vendor": "Sielco",
"versions": [
{
"status": "affected",
"version": "2.12 (EXC5000GX)"
},
{
"status": "affected",
"version": "2.12 (EXC120GX)"
},
{
"status": "affected",
"version": "2.11 (EXC300GX)"
},
{
"status": "affected",
"version": "2.10 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.10 (EXC2000GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1000GX)"
},
{
"status": "affected",
"version": "2.07 (EXC3000GX)"
},
{
"status": "affected",
"version": "2.06 (EXC5000GX)"
},
{
"status": "affected",
"version": "1.7.7 (EXC30GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC300GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC100GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC5000GT)"
},
{
"status": "affected",
"version": "1.6.3 (EXC1000GT)"
},
{
"status": "affected",
"version": "1.5.4 (EXC120GT)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Radio Link",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "2.06 (RTX19)"
},
{
"status": "affected",
"version": "2.05 (RTX19)"
},
{
"status": "affected",
"version": "2.00 (EXC19)"
},
{
"status": "affected",
"version": "1.60 (RTX19)"
},
{
"status": "affected",
"version": "1.59 (RTX19)"
},
{
"status": "affected",
"version": "1.55 (EXC19)"
}
]
}
],
"datePublic": "2023-10-26T16:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"
}
],
"value": "\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T16:21:56.412Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"url": "https://www.sielco.org/en/contacts"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-41966",
"datePublished": "2023-10-26T16:21:56.412Z",
"dateReserved": "2023-10-25T15:23:55.519Z",
"dateUpdated": "2025-01-16T21:28:02.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45228 (GCVE-0-2023-45228)
Vulnerability from nvd – Published: 2023-10-26 16:19 – Updated: 2025-01-16 21:28
VLAI
Title
Sielco Radio Link and Analog FM Transmitters Improper Access Control
Summary
The application suffers from improper access control when editing users.
A user with read permissions can manipulate users, passwords, and
permissions by sending a single HTTP POST request with modified
parameters.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sielco | Analog FM transmitter |
Affected:
2.12 (EXC5000GX)
Affected: 2.12 (EXC120GX) Affected: 2.11 (EXC300GX) Affected: 2.10 (EXC1600GX) Affected: 2.10 (EXC2000GX) Affected: 2.08 (EXC1600GX) Affected: 2.08 (EXC1000GX) Affected: 2.07 (EXC3000GX) Affected: 2.06 (EXC5000GX) Affected: 1.7.7 (EXC30GT) Affected: 1.7.4 (EXC300GT) Affected: 1.7.4 (EXC100GT) Affected: 1.7.4 (EXC5000GT) Affected: 1.6.3 (EXC1000GT) Affected: 1.5.4 (EXC120GT) |
|
| Sielco | Radio Link |
Affected:
2.06 (RTX19)
Affected: 2.05 (RTX19) Affected: 2.00 (EXC19) Affected: 1.60 (RTX19) Affected: 1.59 (RTX19) Affected: 1.55 (EXC19) |
Date Public
2023-10-26 16:02
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sielco.org/en/contacts"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:18:55.827236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:28:09.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Analog FM transmitter",
"vendor": "Sielco",
"versions": [
{
"status": "affected",
"version": "2.12 (EXC5000GX)"
},
{
"status": "affected",
"version": "2.12 (EXC120GX)"
},
{
"status": "affected",
"version": "2.11 (EXC300GX)"
},
{
"status": "affected",
"version": "2.10 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.10 (EXC2000GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1600GX)"
},
{
"status": "affected",
"version": "2.08 (EXC1000GX)"
},
{
"status": "affected",
"version": "2.07 (EXC3000GX)"
},
{
"status": "affected",
"version": "2.06 (EXC5000GX)"
},
{
"status": "affected",
"version": "1.7.7 (EXC30GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC300GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC100GT)"
},
{
"status": "affected",
"version": "1.7.4 (EXC5000GT)"
},
{
"status": "affected",
"version": "1.6.3 (EXC1000GT)"
},
{
"status": "affected",
"version": "1.5.4 (EXC120GT)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Radio Link",
"vendor": "Sielco ",
"versions": [
{
"status": "affected",
"version": "2.06 (RTX19)"
},
{
"status": "affected",
"version": "2.05 (RTX19)"
},
{
"status": "affected",
"version": "2.00 (EXC19)"
},
{
"status": "affected",
"version": "1.60 (RTX19)"
},
{
"status": "affected",
"version": "1.59 (RTX19)"
},
{
"status": "affected",
"version": "1.55 (EXC19)"
}
]
}
],
"datePublic": "2023-10-26T16:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\nThe application suffers from improper access control when editing users.\n A user with read permissions can manipulate users, passwords, and \npermissions by sending a single HTTP POST request with modified \nparameters.\n\n\n\n\n\n"
}
],
"value": "\n\nThe application suffers from improper access control when editing users.\n A user with read permissions can manipulate users, passwords, and \npermissions by sending a single HTTP POST request with modified \nparameters.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T16:19:41.642Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
},
{
"url": "https://www.sielco.org/en/contacts"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sielco Radio Link and Analog FM Transmitters Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-45228",
"datePublished": "2023-10-26T16:19:41.642Z",
"dateReserved": "2023-10-25T15:23:55.527Z",
"dateUpdated": "2025-01-16T21:28:09.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}