CVE-2012-4358

Winlog Pro and Winlog Lite < 2.07.17 - Denial of Service via Crafted TCP Packet

Title source: llm
STIX 2.1

Description

Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode.

References (4)

Core 4
Core References
Exploit x_refsource_misc
http://aluigi.org/adv/winlog_2-adv.txt
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49395
Various Sources x_refsource_confirm
http://www.sielcosistemi.com/en/news/index.html?id=69

Scores

EPSS 0.0252
EPSS Percentile 83.0%

Details

CWE
CWE-20
Status published
Products (50)
sielcosistemi/winlog_lite 2.06.00
sielcosistemi/winlog_lite 2.06.03
sielcosistemi/winlog_lite 2.06.04
sielcosistemi/winlog_lite 2.06.06
sielcosistemi/winlog_lite 2.06.09
sielcosistemi/winlog_lite 2.06.10
sielcosistemi/winlog_lite 2.06.12
sielcosistemi/winlog_lite 2.06.13
sielcosistemi/winlog_lite 2.06.14
sielcosistemi/winlog_lite 2.06.18
... and 40 more
Published Aug 19, 2012
Tracked Since Feb 18, 2026