CVE-2012-4356

Winlog Pro < 2.07.17 - Unauthenticated Path Traversal via TCP Port 46824 File Operations

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-4356. PoCs were published by Luigi Auriemma and juan vazquez, including the Metasploit module auxiliary/scanner/scada/sielco_winlog_fileaccess.

Description

Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98.

Exploits (2)

exploitdb WORKING POC
dos · windows
https://www.exploit-db.com/exploits/19409

The exploit demonstrates multiple vulnerabilities in Sielco Sistemi Winlog SCADA/HMI software, including code execution via function pointer manipulation, stack overflow, directory traversal, and memory corruption. It provides specific commands to trigger these vulnerabilities using a custom tool (udpsz).

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Sielco Sistemi Winlog <= 2.07.16
No auth needed
Prerequisites: Network access to the target system on port 46824 · TCP/IP server enabled in Winlog configuration
devstral-2 · analyzed Feb 19, 2026
metasploit WORKING POC
by Luigi Auriemma, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/scada/sielco_winlog_fileaccess.rb

This Metasploit module exploits a directory traversal vulnerability in Sielco Sistemi Winlog's Runtime.exe service via TCP port 46824. It allows remote file access by sending crafted packets to read arbitrary files from the target system.

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Sielco Sistemi Winlog Lite 2.07.14
No auth needed
Prerequisites: Network access to TCP port 46824 · Target system running vulnerable Winlog version
devstral-2 · analyzed Feb 16, 2026

References (4)

Exploit x_refsource_misc
http://aluigi.org/adv/winlog_2-adv.txt
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49395
Various Sources x_refsource_confirm
http://www.sielcosistemi.com/en/news/index.html?id=69

Scores

EPSS 0.2749
EPSS Percentile 97.8%

Details

CWE: CWE-22
Status: published
Products (50)
sielcosistemi/winlog_lite 2.06.00
sielcosistemi/winlog_lite 2.06.03
sielcosistemi/winlog_lite 2.06.04
sielcosistemi/winlog_lite 2.06.06
sielcosistemi/winlog_lite 2.06.09
sielcosistemi/winlog_lite 2.06.10
sielcosistemi/winlog_lite 2.06.12
sielcosistemi/winlog_lite 2.06.13
sielcosistemi/winlog_lite 2.06.14
sielcosistemi/winlog_lite 2.06.18
... and 40 more
Published Aug 19, 2012
Tracked Since Feb 18, 2026