CVE-2012-4356 Information

Feb 14, 2021 cve

Description

Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname followed by a file-read operation with opcode (1) 0x96 (2) 0x97 or (3) 0x98.

Reference

http://aluigi.org/adv/winlog_2-adv.txt http://secunia.com/advisories/49395 http://www.sielcosistemi.com/en/news/index.html?id=69 http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf

Share on: