CVE-2012-4358
Published 2012-08-19
Priority: P336 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 2.52% (82.9th percentile)
Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode.
Affected
58 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sielcosistemi | winlog_lite | <= 2.07.16 | — |
| sielcosistemi | winlog_lite | <= 2.07.17 | — |
| sielcosistemi | winlog_lite | — | — |
GHSA
GHSA-w34p-hhjq-x6m6: Sielco Sistemi Winlog Pro SCADA before 2
ghsa_unreviewed·2022-05-17
CVE-2012-4358 [HIGH] CWE-20 GHSA-w34p-hhjq-x6m6: Sielco Sistemi Winlog Pro SCADA before 2
GHSA
GHSA-2q8j-7fg9-w99h: Sielco Sistemi Winlog Pro SCADA before 2
ghsa_unreviewed·2022-05-17·CVSS 9.3
CVE-2012-4359 [CRITICAL] CWE-20 GHSA-2q8j-7fg9-w99h: Sielco Sistemi Winlog Pro SCADA before 2
Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358.
CISA ICS
Sielco Sistemi Winlog Multiple Vulnerabilities (Update A)
cisa_ics·2012-07-31·CVSS 9.3
[CRITICAL] Sielco Sistemi Winlog Multiple Vulnerabilities (Update A)
ICS Advisory
Last Revised: September 06, 2018
Alert Code: ICSA-12-213-01A
## OVERVIEW
This updated advisory is a follow-up to the original advisory titled ICSA-12-213-01 - Sielco Sistemi Winlog Multiple Vulnerabilities that was published July 31, 2012, on the NCCIC/ICS-CERT web site. The updated advisory matches new CVE identifiers up with other publicly available vulnerability disclosures (Secunia Advisory SA49395, http://secunia.com/community/advisories/49395, web site last accessed March 18, 2014) and databases (OSVDB, http://web.nvd.nist
http://aluigi.org/adv/winlog_2-adv.txt
http://secunia.com/advisories/49395
http://www.sielcosistemi.com/en/news/index.html?id=69
http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf