Overview
Sielco Sistemi Winlog TCP/IP server contains a stack overflow vulnerability
Description
According to Sielco Sistemi's website: "Winlog is a software package for SCADA/HMI applications with web support, OPC client and a wide library of communication drivers and protocols for most PLCs (Siemens, Omron, Allen Bradley, Modbus, etc.)" Sielco Sistemi Winlog has the capability to accept remote connections by enabling the "Run TCP/IP server" option. The server listens on port 46823/tcp. A specially crafted packet from a remote attacker can cause a stack overflow possibly allowing an attacker to execute arbitrary code. For additional information see ICS-CERT Advisory ICSA-11-017-02. |
Impact
A remote attacker can cause the device to crash and may be able to execute arbitrary code. |
Solution
Upgrade |
Restrict Access |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Luigi Auriemma for reporting this vulnerability.
This document was written by Michael Orlando.
Other Information
| CVE IDs: | CVE-2011-0517 |
| Severity Metric: | 1.10 |
| Date Public: | 2011-01-17 |
| Date First Published: | 2011-02-03 |
| Date Last Updated: | 2011-02-03 15:12 UTC |
| Document Revision: | 13 |