Sielcosistemi
Products
4- 11 CVEs
- 10 CVEs
- 7 CVEs
- 1 CVE
Recent CVEs
18| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5161 | Hig | 0.47 | 7.2 | 0.01 | Feb 13, 2017 | An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this… | ||
| CVE-2012-3815 | 0.07 | — | 0.44 | Jun 27, 2012 | Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained from third party information. | |||
| CVE-2011-0517 | 0.06 | — | 0.40 | Jan 20, 2011 | Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823. | |||
| CVE-2012-4356 | 0.05 | — | 0.27 | Aug 19, 2012 | Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a… | |||
| CVE-2012-4353 | 0.05 | — | 0.25 | Aug 19, 2012 | Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the… | |||
| CVE-2012-4357 | 0.04 | — | 0.07 | Aug 19, 2012 | Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an… | |||
| CVE-2012-4355 | 0.04 | — | 0.08 | Aug 19, 2012 | TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer… | |||
| CVE-2012-4354 | 0.04 | — | 0.08 | Aug 19, 2012 | TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer… | |||
| CVE-2023-46665 | 0.00 | — | 0.01 | Oct 26, 2023 | Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges. | |||
| CVE-2023-46664 | 0.00 | — | 0.01 | Oct 26, 2023 | Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind… | |||
| CVE-2023-46663 | 0.00 | — | 0.00 | Oct 26, 2023 | Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. | |||
| CVE-2023-46662 | 0.00 | — | 0.01 | Oct 26, 2023 | Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information. | |||
| CVE-2023-46661 | 0.00 | — | 0.01 | Oct 26, 2023 | Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests. | |||
| CVE-2023-5754 | 0.00 | — | 0.00 | Oct 26, 2023 | Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. | |||
| CVE-2023-0897 | 0.00 | — | 0.00 | Oct 26, 2023 | Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests. | |||
| CVE-2012-4359 | 0.00 | — | 0.03 | Aug 19, 2012 | Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified… | |||
| CVE-2012-4358 | 0.00 | — | 0.03 | Aug 19, 2012 | Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified… | |||
| CVE-2011-4037 | 0.00 | — | 0.05 | Dec 22, 2011 | Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a project file. |
- risk 0.47cvss 7.2epss 0.01
An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this…
- CVE-2012-3815Jun 27, 2012risk 0.07cvss —epss 0.44
Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained from third party information.
- CVE-2011-0517Jan 20, 2011risk 0.06cvss —epss 0.40
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.
- CVE-2012-4356Aug 19, 2012risk 0.05cvss —epss 0.27
Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a…
- CVE-2012-4353Aug 19, 2012risk 0.05cvss —epss 0.25
Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the…
- CVE-2012-4357Aug 19, 2012risk 0.04cvss —epss 0.07
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an…
- CVE-2012-4355Aug 19, 2012risk 0.04cvss —epss 0.08
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer…
- CVE-2012-4354Aug 19, 2012risk 0.04cvss —epss 0.08
TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer…
- CVE-2023-46665Oct 26, 2023risk 0.00cvss —epss 0.01
Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.
- CVE-2023-46664Oct 26, 2023risk 0.00cvss —epss 0.01
Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind…
- CVE-2023-46663Oct 26, 2023risk 0.00cvss —epss 0.00
Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
- CVE-2023-46662Oct 26, 2023risk 0.00cvss —epss 0.01
Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.
- CVE-2023-46661Oct 26, 2023risk 0.00cvss —epss 0.01
Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.
- CVE-2023-5754Oct 26, 2023risk 0.00cvss —epss 0.00
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
- CVE-2023-0897Oct 26, 2023risk 0.00cvss —epss 0.00
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.
- CVE-2012-4359Aug 19, 2012risk 0.00cvss —epss 0.03
Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified…
- CVE-2012-4358Aug 19, 2012risk 0.00cvss —epss 0.03
Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified…
- CVE-2011-4037Dec 22, 2011risk 0.00cvss —epss 0.05
Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a project file.