Sielco Sistemi Winlog Holes

Thursday, July 5, 2012 @ 04:07 PM gHale

There are multiple vulnerabilities with proof-of-concept (PoC) exploit code affecting Sielco Sistemi Winlog Version 2.07.14, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product.

The vulnerabilities are remotely exploitable by sending specially crafted requests to TCP/46824, according to a report on ICS-CERT. The report, released by independent security researcher Luigi Auriemma, went out without coordination with either the vendor or ICS-CERT.

ICS-CERT has notified Sielco of the report and asked Sielco to confirm the vulnerabilities and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks from these and other cyber security attacks.

The report included vulnerability details and PoC exploit code for the following remotely exploitable vulnerabilities.

The vulnerabilities are multiple buffer overflows, improper access of an indexable resource, and a write-what-where condition, all of which could lead to remote code execution. The directory traversal (improper access control) could also lead to remote code execution.

Winlog is a SCADA/HMI software package for the supervision of industrial and civil plants. It can connect to PLCs, controllers, motor drives, and I/O modules.

ICS-CERT is coordinating with the vendor and security researcher to identify mitigations.
