Vulnerability Description
Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sielcosistemi | Winlog Pro | <= 2.07.17 |
| Sielcosistemi | Winlog Lite | <= 2.07.17 |
Related Weaknesses (CWE)
References
- http://aluigi.org/adv/winlog_2-adv.txtExploit
- http://secunia.com/advisories/49395Vendor Advisory
- http://www.sielcosistemi.com/en/news/index.html?id=70
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdfUS Government Resource
- http://aluigi.org/adv/winlog_2-adv.txtExploit
- http://secunia.com/advisories/49395Vendor Advisory
- http://www.sielcosistemi.com/en/news/index.html?id=70
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdfUS Government Resource
FAQ
What is CVE-2012-4359?
CVE-2012-4359 is a vulnerability with a CVSS score of 9.3 (HIGH). Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service...
How severe is CVE-2012-4359?
CVE-2012-4359 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4359?
Check the references section above for vendor advisories and patch information. Affected products include: Sielcosistemi Winlog Pro, Sielcosistemi Winlog Lite.