9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.963 High
EPSS
Percentile
99.6%
Sielco Sistemi Winlog TCP/IP server contains a stack overflow vulnerability
According to Sielco Sistemi’s website: “Winlog is a software package for SCADA/HMI applications with web support, OPC client and a wide library of communication drivers and protocols for most PLCs (Siemens, Omron, Allen Bradley, Modbus, etc.)” Sielco Sistemi Winlog has the capability to accept remote connections by enabling the “Run TCP/IP server” option. The server listens on port 46823/tcp. A specially crafted packet from a remote attacker can cause a stack overflow possibly allowing an attacker to execute arbitrary code.
For additional information see ICS-CERT Advisory ICSA-11-017-02.
Public exploit code is available for this vulnerability.
A remote attacker can cause the device to crash and may be able to execute arbitrary code.
Upgrade
Sielco Sistemi recommends that users update their Winlog Lite and Winlog Pro to version 2.07.01.
Restrict Access
Enable firewall rules to restrict access for port 46823/tcp to only trusted sources.
496040
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: January 19, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Luigi Auriemma for reporting this vulnerability.
This document was written by Michael Orlando.
CVE IDs: | CVE-2011-0517 |
---|---|
Severity Metric: | 1.10 Date Public: |