CVE-2012-4357

Winlog Pro < 2.07.17 - Remote Code Execution via Invalid File-Pointer Index

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4357. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This is a detailed technical analysis of multiple vulnerabilities in Sielco Sistemi Winlog SCADA/HMI software, including code execution, stack overflow, directory traversal, and memory corruption issues. The document provides disassembly snippets, exploitation details, and proof-of-concept commands using a custom tool (udpsz).

Description

Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Luigi Auriemma · textdoswindows
https://www.exploit-db.com/exploits/19409

This is a detailed technical analysis of multiple vulnerabilities in Sielco Sistemi Winlog SCADA/HMI software, including code execution, stack overflow, directory traversal, and memory corruption issues. The document provides disassembly snippets, exploitation details, and proof-of-concept commands using a custom tool (udpsz).

Classification
Writeup 100%
Attack Type
Rce | Info Leak | Dos
Complexity
Moderate
Reliability
Reliable
Target: Sielco Sistemi Winlog <= 2.07.16
No auth needed
Prerequisites: Network access to TCP port 46824 · Winlog TCP/IP server enabled
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit x_refsource_misc
http://aluigi.org/adv/winlog_2-adv.txt
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49395
Various Sources x_refsource_confirm
http://www.sielcosistemi.com/en/news/index.html?id=69

Scores

EPSS 0.0735
EPSS Percentile 93.6%

Details

CWE
CWE-20
Status published
Products (50)
sielcosistemi/winlog_lite 2.06.00
sielcosistemi/winlog_lite 2.06.03
sielcosistemi/winlog_lite 2.06.04
sielcosistemi/winlog_lite 2.06.06
sielcosistemi/winlog_lite 2.06.09
sielcosistemi/winlog_lite 2.06.10
sielcosistemi/winlog_lite 2.06.12
sielcosistemi/winlog_lite 2.06.13
sielcosistemi/winlog_lite 2.06.14
sielcosistemi/winlog_lite 2.06.18
... and 40 more
Published Aug 19, 2012
Tracked Since Feb 18, 2026