PT-2012-5352 · Proeon · Winlog Pro Scada+1

Luigi Auriemma

Published

2012-08-19

Updated

2012-08-20

CVE-2012-4355

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Winlog Pro SCADA versions prior to 2.07.18 Winlog Lite SCADA versions prior to 2.07.18

Description The issue allows remote attackers to execute arbitrary code via a crafted TCP packet sent to port 46824, containing a negative integer after the opcode. This triggers incorrect function-pointer processing, potentially leading to a buffer overflow.

Recommendations For Winlog Pro SCADA versions prior to 2.07.18, update to version 2.07.18 or later. For Winlog Lite SCADA versions prior to 2.07.18, update to version 2.07.18 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2012-4355

Affected Products

Winlog Lite Scada

Winlog Pro Scada

PT-2012-5352 · Proeon · Winlog Pro Scada+1

CVE-2012-4355

Weakness Enumeration

Related Identifiers

Affected Products

References · 6