SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-600592280] Sielco Sistemi Winlog SCADA Software

Date: 2017-02-07
Type: Other
Platform: Sielco Sistemi
Author: Researcher Karn Ganeshen identified this vulnerability.
EDB-ID: N/A
CVE-ID: CVE-2017-5161
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Sielco Sistemi Winlog SCADA Software
#


### VULNERABLE VENDOR
Sielco Sistemi


### VULNERABLE PRODUCT
Winlog SCADA Software



### RESEARCHER
Researcher Karn Ganeshen identified this vulnerability.



### AFFECTED PRODUCTS

The following Sielco Sistemi products are affected:

Winlog Lite SCADA Software, versions prior to Version 3.02.01, and
Winlog Pro SCADA Software, versions prior to Version 3.02.01



### IMPACT

Successful exploitation of this vulnerability may allow an attacker to load a malicious DLL and execute code on the affected system with the same privileges as the application that loaded the malicious DLL.



### VULNERABILITY OVERVIEW

UNCONTROLLED SEARCH PATH ELEMENT (CWE-427)

An uncontrolled search path element (DLL Hijacking) vulnerability has been identified.
Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL.
CVE-2017-5161 has been assigned to this vulnerability.
A CVSS v3 base score of 7.2 has been assigned; the CVSS vector string is (AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).





### BACKGROUND

Critical Infrastructure Sectors: Communications, Critical Manufacturing, Energy, Water and Wastewater
Countries Deployed: Deployed worldwide
Company Headquarters Location: Italy




### MITIGATION

Sielco Sistemi has released new versions of the Winlog Lite and Winlog Pro SCADA software that mitigate the uncontrolled search path element vulnerability.

The most current versions of Winlog Lite and Winlog Pro SCADA software are available here:

https://www.sielcosistemi.com/en/download/public/download.html