Sielco Sistemi Clears SCADA Software

Wednesday, February 8, 2017 @ 03:02 PM gHale


Sielco Sistemi created an update to its Winlog SCADA Software to mitigate an uncontrolled search path element, according to a report with ICS-CERT.

No known public exploits specifically target this vulnerability, discovered by researcher Karn Ganeshen. This vulnerability is not remotely exploitable. A high skill level is needed to exploit.

RELATED STORIES
Alaris 8000 Credentials Vulnerability
Alaris Credentials Vulnerabilities
XL Web II Controller Holes Cleared
Electric Power Quality Meter Holes

An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.

CVE-2017-5161 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.2.

The product sees action in the communications, critical manufacturing, energy, and Water and Wastewater industries. The product sees use on a global basis.

The following Sielco Sistemi products suffer from the issue:
• Winlog Lite SCADA Software, versions prior to Version 3.02.01
• Winlog Pro SCADA Software, versions prior to Version 3.02.01

Italy-based Sielco Sistemi released new versions of the Winlog Lite and Winlog Pro SCADA software that mitigate the uncontrolled search path element vulnerability.

Click here for the most current versions of Winlog Lite and Winlog Pro SCADA software.



Leave a Reply

You must be logged in to post a comment.