New Release for Vulnerable SCADA

Friday, December 9, 2011 @ 05:12 PM gHale

There is a buffer overflow vulnerability in the Sielco Sistemi Winlog application.

Sielco Sistemi has produced a new release that mitigates this vulnerability. Independent researcher Paul Davis, who found the vulnerability, said he has tested the new release and validated it resolves the vulnerability, ICS-CERT said.

The Sielco Sistemi products affected are the Winlog Lite versions older than Version 2.07.09 and Winlog PRO versions older than Version 2.07.09.

Successful exploitation of this vulnerability could lead to a program crash or arbitrary code execution.

Sielco Sistemi is an Italy-based company that creates supervisory control and data acquisition (SCADA)/human-machine interface (HMI) software and hardware products. Winlog Lite is a demo version of the Winlog PRO SCADA/HMI system. Winlog PRO works across several sectors including manufacturing, public utilities, telecommunications, and others, Sielco Sistemi said. Sielco Sistemi products are in 16 countries around the world.

In the affected versions, Winlog does not properly sanitize input from project files. Invalid information in certain fields can overwrite memory locations, which crashes the program and may then allow arbitrary code execution.

This vulnerability is not remotely exploitable and there needs to be user interaction for the exploit to work. The exploit only triggers when a local user runs the vulnerable application and loads the malformed file.

Social engineering must occur for the user to accept the malformed file. Additional user interaction must take place to load the malformed file, decreasing the likelihood of a successful exploit.

Sielco Sistemi provided the following links to download new releases that do not contain this vulnerability:
Winlog Lite
Winlog PRO

For more details on this event, click on the SCADAhacker reference page.
