NVD Vulnerability Detail

CVE-2012-3815

Summary	Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained from third party information.
Publication Date	June 28, 2012, 6:55 a.m.
Registration Date	Jan. 28, 2021, 3:01 p.m.
Last Update	Nov. 21, 2024, 10:41 a.m.

CVSS2.0 : HIGH
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.60:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.24:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.11:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.86:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.04:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.60:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.46:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.11:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.73:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.08:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.00:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.24:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.09:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.50:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.18:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro::::::::		2.07.14
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.12:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.08:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.01:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.86:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.21:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.21:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.01:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.25:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.09:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.25:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.14:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.40:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.40:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.18:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.46:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.00:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.00:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.28:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.09:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.06:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite::::::::		2.07.14
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.50:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.03:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.73:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.10:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.13:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.28:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:::::::*

Related information, measures and tools

No	URL	タグ
1	http://archives.neohapsis.com/archives/bugtraq/2012-06/0009.html	Exploit
2	http://archives.neohapsis.com/archives/bugtraq/2012-06/0009.html	Exploit
3	http://secunia.com/advisories/49395	Vendor Advisory
4	http://secunia.com/advisories/49395	Vendor Advisory
5	http://securitytracker.com/id?1027128
6	http://securitytracker.com/id?1027128
7	http://www.osvdb.org/82654
8	http://www.osvdb.org/82654
9	http://www.s3cur1ty.de/m1adv2012-001	Exploit
10	http://www.s3cur1ty.de/m1adv2012-001	Exploit
11	http://www.securityfocus.com/bid/53811	Exploit
12	http://www.securityfocus.com/bid/53811	Exploit
13	http://www.sielcosistemi.com/en/news/index.html?id=69
14	http://www.sielcosistemi.com/en/news/index.html?id=69
15	http://www.sielcosistemi.com/en/news/index.html?id=70
16	http://www.sielcosistemi.com/en/news/index.html?id=70
17	http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf
18	http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf
19	https://exchange.xforce.ibmcloud.com/vulnerabilities/76060
20	https://exchange.xforce.ibmcloud.com/vulnerabilities/76060

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

Sielco Sistemi Winlog の RunTime.exe におけるバッファオーバーフローの脆弱性

Title	Sielco Sistemi Winlog の RunTime.exe におけるバッファオーバーフローの脆弱性
Summary	Sielco Sistemi Winlog の RunTime.exe には、バッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、TCP ポート 46824 への巧妙に細工されたパケットを介して、任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	June 27, 2012, midnight
Registration Date	July 2, 2012, 11:34 a.m.
Last Update	June 26, 2013, 2:36 p.m.

Affected System

Sielco Sistemi

WinLog Lite 2.07.14 およびそれ以前

WinLog Pro 2.07.14 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-3815	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3815
National Vulnerability Database (NVD)
2	CVE-2012-3815	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3815

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Sielco Sistemi
1	Winlog Pro SCADA and Winlog Lite SCADA 2.07.17	http://www.sielcosistemi.com/en/news/index.html?id=69
2	Winlog Pro SCADA and Winlog Lite SCADA 2.07.18	http://www.sielcosistemi.com/en/news/index.html?id=70
Winlog Pro
3	Top Page	http://www.sielcosistemi.com/en/products/winlog_scada_hmi/index.html

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-12-213-01	http://ics-cert.us-cert.gov/advisories/ICSA-12-213-01

Change Log

No	Changed Details	Date of change
0	[2012年07月02日] 掲載 [2012年07月09日] 影響を受けるシステム：内容を更新 CVSS による深刻度：基本値と攻撃条件の複雑さ、機密性への影響、完全性への影響、可用性への影響を変更 [2012年09月04日] ベンダ情報：Sielco Sistemi (Winlog Pro SCADA and Winlog Lite SCADA 2.07.17) を追加ベンダ情報：Sielco Sistemi (Winlog Pro SCADA and Winlog Lite SCADA 2.07.18) を追加 [2013年06月26日] 参考情報：ICS-CERT ADVISORY (ICSA-12-213-01) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.60:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.24:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.11:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.86:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.04:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.60:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.46:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.11:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.73:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.08:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.00:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.24:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.09:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.50:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.18:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro::::::::		2.07.14
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.12:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.08:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.07.01:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.86:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.21:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.21:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.01:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.25:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.09:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.25:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.14:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.40:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.40:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.18:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.46:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.00:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.00:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.28:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.07.09:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.06:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite::::::::		2.07.14
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.50:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.03:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.73:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.10:::::::*
cpe:2.3:a:sielcosistemi:winlog_lite:2.06.13:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.28:::::::*
cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:::::::*