CVE-2012-4354
Published 2012-08-19
Priority P356 · critical · 9.3 (CVSS 2.0)
CVSS vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 8.19% (94.2th percentile)
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information.
Affected
58 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sielcosistemi | winlog_lite | <= 2.07.17 | — |
| sielcosistemi | winlog_lite | <= 2.07.16 | — |
| sielcosistemi | winlog_lite | — | — |
GHSA
GHSA-grc2-72xj-8m4q: TCPIPS_Story
ghsa_unreviewed·2022-05-17·CVSS 9.3
CVE-2012-4355 [CRITICAL] GHSA-grc2-72xj-8m4q: TCPIPS_Story
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354.
GHSA
GHSA-cmg3-27ff-9pv7: TCPIPS_Story
ghsa_unreviewed·2022-05-17
CVE-2012-4354 [HIGH] GHSA-cmg3-27ff-9pv7: TCPIPS_Story
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information.
CISA ICS
Sielco Sistemi Winlog Multiple Vulnerabilities (Update A)
cisa_ics·2012-07-31·CVSS 9.3
[CRITICAL] Sielco Sistemi Winlog Multiple Vulnerabilities (Update A)
ICS Advisory
## Sielco Sistemi Winlog Multiple Vulnerabilities (Update A)
Last Revised: September 06, 2018
Alert Code: ICSA-12-213-01A
## OVERVIEW
This updated advisory is a follow-up to the original advisory titled ICSA-12-213-01 - Sielco Sistemi Winlog Multiple Vulnerabilities that was published July 31, 2012, on the NCCIC/ICS-CERT web site. The updated advisory matches new CVE identifiers up with other publicly available vulnerability disclosures (Secunia Advisory SA49395, http://secunia.com/community/advisories/49395, web site last accessed March 18, 2014) and databases (OSVDB, http://web.nvd.nist…
http://aluigi.org/adv/winlog_2-adv.txt
http://secunia.com/advisories/49395
http://www.sielcosistemi.com/en/news/index.html?id=69
http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf