Directory Traversal Vulnerabilities in Sielco Sistemi Winlog Pro and Winlog Lite SCADA

Directory Traversal Vulnerabilities in Sielco Sistemi Winlog Pro and Winlog Lite SCADA

CVE-2012-4356 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98.

Learn more about our Web Application Penetration Testing UK.