search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Sielco Sistemi Winlog server stack overflow

Vulnerability Note VU#496040

Original Release Date: 2011-02-03 | Last Revised: 2011-02-03

Overview

Sielco Sistemi Winlog TCP/IP server contains a stack overflow vulnerability

Description

According to Sielco Sistemi's website: "Winlog is a software package for SCADA/HMI applications with web support, OPC client and a wide library of communication drivers and protocols for most PLCs (Siemens, Omron, Allen Bradley, Modbus, etc.)" Sielco Sistemi Winlog has the capability to accept remote connections by enabling the "Run TCP/IP server" option. The server listens on port 46823/tcp. A specially crafted packet from a remote attacker can cause a stack overflow possibly allowing an attacker to execute arbitrary code.

For additional information see ICS-CERT Advisory ICSA-11-017-02.

Public exploit code is available for this vulnerability.

Impact

A remote attacker can cause the device to crash and may be able to execute arbitrary code.

Solution

Upgrade

Sielco Sistemi recommends that users update their Winlog Lite and Winlog Pro to version 2.07.01.

Restrict Access

Enable firewall rules to restrict access for port 46823/tcp to only trusted sources.

Vendor Information

496040
Expand all

Sielco

Updated:  January 19, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

www.sielcosistemi.com/download/WinlogLite_Setup.exe www.sielcosistemi.com/download/Winlog_Setup_SF.exe

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Thanks to Luigi Auriemma for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2011-0517
Severity Metric: 1.10
Date Public: 2011-01-17
Date First Published: 2011-02-03
Date Last Updated: 2011-02-03 15:12 UTC
Document Revision: 13

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.