Vulnerabilities > CVE-2012-4354 - Numeric Errors vulnerability in Sielcosistemi Winlog Lite and Winlog PRO

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
sielcosistemi
CWE-189
critical
exploit available
NVD
Published: 2012-08-19
Updated: 2012-08-20

Summary

TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part Description Count
Application
Sielcosistemi
52

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionsielco sistemi winlog 2.07.16 - Multiple Vulnerabilities. CVE-2012-3815,CVE-2012-4353,CVE-2012-4354,CVE-2012-4355,CVE-2012-4356,CVE-2012-4357. Dos exploit fo...
idEDB-ID:19409
last seen2016-02-02
modified2012-06-27
published2012-06-27
reporterLuigi Auriemma
sourcehttps://www.exploit-db.com/download/19409/
titlesielco sistemi winlog 2.07.16 - Multiple Vulnerabilities

References