Vulnerabilities > Sielcosistemi
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-13 | CVE-2017-5161 | Uncontrolled Search Path Element vulnerability in Sielcosistemi Winlog Lite and Winlog PRO An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. | 9.3 |
| 2012-08-19 | CVE-2012-4359 | Improper Input Validation vulnerability in Sielcosistemi Winlog Lite and Winlog PRO Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. | 9.3 |
| 2012-08-19 | CVE-2012-4358 | Improper Input Validation vulnerability in Sielcosistemi Winlog Lite and Winlog PRO Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode. | 9.3 |
| 2012-08-19 | CVE-2012-4357 | Improper Input Validation vulnerability in Sielcosistemi Winlog Lite and Winlog PRO Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block. | 9.3 |
| 2012-08-19 | CVE-2012-4356 | Path Traversal vulnerability in Sielcosistemi Winlog Lite and Winlog PRO Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. | 4.3 |
| 2012-08-19 | CVE-2012-4355 | Numeric Errors vulnerability in Sielcosistemi Winlog Lite and Winlog PRO TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. | 9.3 |
| 2012-08-19 | CVE-2012-4354 | Numeric Errors vulnerability in Sielcosistemi Winlog Lite and Winlog PRO TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. | 9.3 |
| 2012-08-19 | CVE-2012-4353 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sielcosistemi Winlog Lite and Winlog PRO Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function, a different vulnerability than CVE-2012-3815. | 9.3 |
| 2012-06-27 | CVE-2012-3815 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sielcosistemi Winlog Lite and Winlog PRO Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. | 9.3 |
| 2011-12-22 | CVE-2011-4037 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sielcosistemi Winlog Lite and Winlog PRO Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a project file. | 9.3 |