Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4359

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-4359
Last Modified 20 Aug 2012 12:00:00
Published 19 Aug 2012 04:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4359

Summary

Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358.

Vulnerable Systems

Application

  • Sielcosistemi Winlog Lite 2.06.00

  • Sielcosistemi Winlog Lite 2.06.03

  • Sielcosistemi Winlog Lite 2.06.04

  • Sielcosistemi Winlog Lite 2.06.06

  • Sielcosistemi Winlog Lite 2.06.09

  • Sielcosistemi Winlog Lite 2.06.10

  • Sielcosistemi Winlog Lite 2.06.12

  • Sielcosistemi Winlog Lite 2.06.13

  • Sielcosistemi Winlog Lite 2.06.14

  • Sielcosistemi Winlog Lite 2.06.18

  • Sielcosistemi Winlog Lite 2.06.21

  • Sielcosistemi Winlog Lite 2.06.24

  • Sielcosistemi Winlog Lite 2.06.25

  • Sielcosistemi Winlog Lite 2.06.28

  • Sielcosistemi Winlog Lite 2.06.40

  • Sielcosistemi Winlog Lite 2.06.46

  • Sielcosistemi Winlog Lite 2.06.50

  • Sielcosistemi Winlog Lite 2.06.60

  • Sielcosistemi Winlog Lite 2.06.73

  • Sielcosistemi Winlog Lite 2.06.86

  • Sielcosistemi Winlog Lite 2.07.00

  • Sielcosistemi Winlog Lite 2.07.01

  • Sielcosistemi Winlog Lite 2.07.08

  • Sielcosistemi Winlog Lite 2.07.09

  • Sielcosistemi Winlog Lite 2.07.11

  • Sielcosistemi Winlog Lite 2.07.14

  • Sielcosistemi Winlog Lite 2.07.16

  • Sielcosistemi Winlog Lite 2.07.17

  • Sielcosistemi Winlog Pro 2.06.00

  • Sielcosistemi Winlog Pro 2.06.03

  • Sielcosistemi Winlog Pro 2.06.04

  • Sielcosistemi Winlog Pro 2.06.06

  • Sielcosistemi Winlog Pro 2.06.09

  • Sielcosistemi Winlog Pro 2.06.10

  • Sielcosistemi Winlog Pro 2.06.12

  • Sielcosistemi Winlog Pro 2.06.13

  • Sielcosistemi Winlog Pro 2.06.14

  • Sielcosistemi Winlog Pro 2.06.18

  • Sielcosistemi Winlog Pro 2.06.21

  • Sielcosistemi Winlog Pro 2.06.24

  • Sielcosistemi Winlog Pro 2.06.25

  • Sielcosistemi Winlog Pro 2.06.28

  • Sielcosistemi Winlog Pro 2.06.40

  • Sielcosistemi Winlog Pro 2.06.46

  • Sielcosistemi Winlog Pro 2.06.50

  • Sielcosistemi Winlog Pro 2.06.60

  • Sielcosistemi Winlog Pro 2.06.73

  • Sielcosistemi Winlog Pro 2.06.86

  • Sielcosistemi Winlog Pro 2.07.00

  • Sielcosistemi Winlog Pro 2.07.01

  • Sielcosistemi Winlog Pro 2.07.08

  • Sielcosistemi Winlog Pro 2.07.09

  • Sielcosistemi Winlog Pro 2.07.11

  • Sielcosistemi Winlog Pro 2.07.14

  • Sielcosistemi Winlog Pro 2.07.16

  • Sielcosistemi Winlog Pro 2.07.17


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf

CONFIRM - http://www.sielcosistemi.com/en/news/index.html?id=70

SECUNIA - 49395

MISC - http://aluigi.org/adv/winlog_2-adv.txt


Last Updated: 27 May 2016 10:49:40