CVE-2012-4356 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Vendor	Product	Version
sielcosistemi	winlog_pro	𝑥 ≤ 2.07.16
sielcosistemi	winlog_pro	2.06.00
sielcosistemi	winlog_pro	2.06.03
sielcosistemi	winlog_pro	2.06.04
sielcosistemi	winlog_pro	2.06.06
sielcosistemi	winlog_pro	2.06.09
sielcosistemi	winlog_pro	2.06.10
sielcosistemi	winlog_pro	2.06.12
sielcosistemi	winlog_pro	2.06.13
sielcosistemi	winlog_pro	2.06.14
sielcosistemi	winlog_pro	2.06.18
sielcosistemi	winlog_pro	2.06.21
sielcosistemi	winlog_pro	2.06.24
sielcosistemi	winlog_pro	2.06.25
sielcosistemi	winlog_pro	2.06.28
sielcosistemi	winlog_pro	2.06.40
sielcosistemi	winlog_pro	2.06.46
sielcosistemi	winlog_pro	2.06.50
sielcosistemi	winlog_pro	2.06.60
sielcosistemi	winlog_pro	2.06.73
sielcosistemi	winlog_pro	2.06.86
sielcosistemi	winlog_pro	2.07.00
sielcosistemi	winlog_pro	2.07.01
sielcosistemi	winlog_pro	2.07.08
sielcosistemi	winlog_pro	2.07.09
sielcosistemi	winlog_pro	2.07.11
sielcosistemi	winlog_pro	2.07.14
sielcosistemi	winlog_lite	𝑥 ≤ 2.07.16
sielcosistemi	winlog_lite	2.06.00
sielcosistemi	winlog_lite	2.06.03
sielcosistemi	winlog_lite	2.06.04
sielcosistemi	winlog_lite	2.06.06
sielcosistemi	winlog_lite	2.06.09
sielcosistemi	winlog_lite	2.06.10
sielcosistemi	winlog_lite	2.06.12
sielcosistemi	winlog_lite	2.06.13
sielcosistemi	winlog_lite	2.06.14
sielcosistemi	winlog_lite	2.06.18
sielcosistemi	winlog_lite	2.06.21
sielcosistemi	winlog_lite	2.06.24
sielcosistemi	winlog_lite	2.06.25
sielcosistemi	winlog_lite	2.06.28
sielcosistemi	winlog_lite	2.06.40
sielcosistemi	winlog_lite	2.06.46
sielcosistemi	winlog_lite	2.06.50
sielcosistemi	winlog_lite	2.06.60
sielcosistemi	winlog_lite	2.06.73
sielcosistemi	winlog_lite	2.06.86
sielcosistemi	winlog_lite	2.07.00
sielcosistemi	winlog_lite	2.07.01
sielcosistemi	winlog_lite	2.07.08
sielcosistemi	winlog_lite	2.07.09
sielcosistemi	winlog_lite	2.07.11
sielcosistemi	winlog_lite	2.07.14

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://aluigi.org/adv/winlog_2-adv.txt

http://secunia.com/advisories/49395

http://www.sielcosistemi.com/en/news/index.html?id=69

http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf

http://aluigi.org/adv/winlog_2-adv.txt

http://secunia.com/advisories/49395

http://www.sielcosistemi.com/en/news/index.html?id=69

http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf