cbcvebase.
CVE-2012-4356
published 2012-08-19

CVE-2012-4356: Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to…

PriorityP344medium4.3CVSS 2.0
AVNACMAuNCPINAN
EXPLOIT
EPSS
27.49%
97.8th percentile
Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98.

Affected

54 ranges· showing 25
VendorProductVersion rangeFixed in
sielcosistemiwinlog_lite<= 2.07.16
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite
sielcosistemiwinlog_lite

Detection & IOCsextracted from sources · hover to see the quote

port46824/TCP
otheropcode 0x78 (file-open operation)
otheropcode 0x96 (file-read operation)
otheropcode 0x97 (file-read operation)
otheropcode 0x98 (file-read operation)
processRuntime.exe
  • Detect directory traversal attempts targeting port 46824/TCP — look for TCP packets to this port containing '..' (dot dot) sequences in the payload, particularly following an opcode 0x78 file-open operation.
  • Alert on TCP traffic to port 46824 where the payload contains opcode bytes 0x96, 0x97, or 0x98 (file-read operations), especially when preceded by an opcode 0x78 open request — this two-stage sequence is the full exploit pattern.
  • Monitor for unexpected inbound connections to port 46824/TCP on SCADA hosts running Runtime.exe (Sielco Sistemi Winlog), especially from external or untrusted network segments.
  • ·Vulnerability affects Winlog Pro and Winlog Lite versions prior to 2.07.17; the Metasploit module was validated against Winlog Lite 2.07.14 specifically — detections should account for both product lines.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.