Buffer overflow vulnerability identified in Sielco Sistemi SCADA system

28 December 2011

The US Department of Homeland Security (DHS) is warning about a buffer overflow vulnerability in the Sielco Sistemi Winlog application used to control industrial systems.

A hacker could exploit this vulnerability, identified by independent researcher Paul Davis, to execute arbitrary code or crash the program, according to the advisory issued by the DHS Industrial Control Systems Cyber Emergency Response Team.

Sielco Sistemi is an Italian company that makes supervisory control and data acquisition/human-machine interface (SCADA/HMI) software and hardware products.

Affected products include Winlog Lite and Winlog PRO versions older than Version 2.07.09. Winlog Lite is a demo version of the Winlog PRO SCADA/HMI system. According to Sielco Sistemi, Winlog PRO is deployed across several sectors including manufacturing, public utilities, and telecommunications.

“In the affected versions, Winlog does not properly sanitize the inputs from project files. Invalid information in certain fields can overwrite memory locations, which causes the program to crash and could be used to execute arbitrary code…. The exploit is only triggered when a local user runs the vulnerable application and loads the malformed file”, the advisory explained.

Sielco Sistemi has produced a new release that mitigates the vulnerability, which Davis has validated as resolving the issue. The company advises users to download the new Winlog release from its website at
