9.3 - CVE-2011-0517

Executive Summary

Informations
Name	CVE-2011-0517	First vendor Publication	2011-01-20
Vendor	Cve	Last vendor Modification	2017-08-17

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0517

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type	Description	Count
Application	Sielcosistemi Winlog Pro cpe:2.3:a:sielcosistemi:winlog_pro:2.07.00:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.86:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.73:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.60:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.50:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.46:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.40:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.28:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.25:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.24:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.21:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.18:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.14:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.13:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.12:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.10:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.09:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.06:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.04:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.03:::::::* cpe:2.3:a:sielcosistemi:winlog_pro:2.06.00:::::::*	21

Open Source Vulnerability Database (OSVDB)

Id	Description
70418	Sielco Sistemi Winlog Pro TCP/IP Server Runtime.exe Packet Handling Remote Ov... Winlog Pro is prone to an overflow condition. The TCP/IP Server fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted packet sent to TCP port 46823, a remote attacker can potentially execute arbitrary code.

Snort® IPS/IDS

Date	Description
2014-01-10	Sielco Sistemi Winlog Pro stack buffer overflow attempt RuleID : 21491 - Revision : 7 - Type : PROTOCOL-SCADA

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/45813
CERT-VN	http://www.kb.cert.org/vuls/id/496040
EXPLOIT-DB	http://www.exploit-db.com/exploits/15992
MISC	http://aluigi.org/adv/winlog_1-adv.txt http://www.us-cert.gov/control_systems/pdf/ICSA-11-017-02.pdf
OSVDB	http://osvdb.org/70418
SECUNIA	http://secunia.com/advisories/42894
SREASON	http://securityreason.com/securityalert/8280
VUPEN	http://www.vupen.com/english/advisories/2011/0126
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/64716

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-05 01:08:06	Multiple Updates
2021-04-22 01:15:05	Multiple Updates
2020-05-23 13:16:57	Multiple Updates
2020-05-23 01:43:48	Multiple Updates
2020-05-23 00:27:43	Multiple Updates
2017-08-17 09:23:16	Multiple Updates
2016-06-28 18:31:50	Multiple Updates
2016-04-26 20:31:13	Multiple Updates
2014-01-19 21:27:28	Multiple Updates
2013-05-10 22:53:54	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	21
Sources(s)	10
osvdb(s)	1
Snort® Rule(s)	1

	Related
9.3	VU#496040
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

9.3 - CVE-2011-0517

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU