CVE-2012-4355

TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow.  NOTE: some of these details are obtained from third party information.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
sielcosistemiwinlog_pro
𝑥
≤ 2.07.17
sielcosistemiwinlog_pro
2.06.00
sielcosistemiwinlog_pro
2.06.03
sielcosistemiwinlog_pro
2.06.04
sielcosistemiwinlog_pro
2.06.06
sielcosistemiwinlog_pro
2.06.09
sielcosistemiwinlog_pro
2.06.10
sielcosistemiwinlog_pro
2.06.12
sielcosistemiwinlog_pro
2.06.13
sielcosistemiwinlog_pro
2.06.14
sielcosistemiwinlog_pro
2.06.18
sielcosistemiwinlog_pro
2.06.21
sielcosistemiwinlog_pro
2.06.24
sielcosistemiwinlog_pro
2.06.25
sielcosistemiwinlog_pro
2.06.28
sielcosistemiwinlog_pro
2.06.40
sielcosistemiwinlog_pro
2.06.46
sielcosistemiwinlog_pro
2.06.50
sielcosistemiwinlog_pro
2.06.60
sielcosistemiwinlog_pro
2.06.73
sielcosistemiwinlog_pro
2.06.86
sielcosistemiwinlog_pro
2.07.00
sielcosistemiwinlog_pro
2.07.01
sielcosistemiwinlog_pro
2.07.08
sielcosistemiwinlog_pro
2.07.09
sielcosistemiwinlog_pro
2.07.11
sielcosistemiwinlog_pro
2.07.14
sielcosistemiwinlog_pro
2.07.16
sielcosistemiwinlog_lite
𝑥
≤ 2.07.17
sielcosistemiwinlog_lite
2.06.00
sielcosistemiwinlog_lite
2.06.03
sielcosistemiwinlog_lite
2.06.04
sielcosistemiwinlog_lite
2.06.06
sielcosistemiwinlog_lite
2.06.09
sielcosistemiwinlog_lite
2.06.10
sielcosistemiwinlog_lite
2.06.12
sielcosistemiwinlog_lite
2.06.13
sielcosistemiwinlog_lite
2.06.14
sielcosistemiwinlog_lite
2.06.18
sielcosistemiwinlog_lite
2.06.21
sielcosistemiwinlog_lite
2.06.24
sielcosistemiwinlog_lite
2.06.25
sielcosistemiwinlog_lite
2.06.28
sielcosistemiwinlog_lite
2.06.40
sielcosistemiwinlog_lite
2.06.46
sielcosistemiwinlog_lite
2.06.50
sielcosistemiwinlog_lite
2.06.60
sielcosistemiwinlog_lite
2.06.73
sielcosistemiwinlog_lite
2.06.86
sielcosistemiwinlog_lite
2.07.00
sielcosistemiwinlog_lite
2.07.01
sielcosistemiwinlog_lite
2.07.08
sielcosistemiwinlog_lite
2.07.09
sielcosistemiwinlog_lite
2.07.11
sielcosistemiwinlog_lite
2.07.14
sielcosistemiwinlog_lite
2.07.16
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://aluigi.org/adv/winlog_2-adv.txt
http://secunia.com/advisories/49395
http://www.sielcosistemi.com/en/news/index.html?id=70
http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf
http://aluigi.org/adv/winlog_2-adv.txt
http://secunia.com/advisories/49395
http://www.sielcosistemi.com/en/news/index.html?id=70
http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf