
There is a Structured Exception Handler (SEH) overwrite vulnerability with proof-of-concept (PoC) exploit code affecting Sielco Sistemi WinLog Lite SCADA HMI, a supervisory control and data acquisition/human-machine interface (SCADA/HMI).

The vulnerability is exploitable by overwriting the SEH to allow insertion and execution of shellcode, according to a report on ICS-CERT.


Independent security researcher “FaryadR” (aka Ciph3r) on the Web site released the report without coordination with either the vendor or ICS-CERT.

The vendor is aware of the report and is researching the vulnerability and identifying mitigations. ICS-CERT issued its alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cyber security attacks.


The report included vulnerability details and PoC exploit code for Sielco Sistemi WinLog Lite SCADA HMI, ver. 2.06.17.

If an attacker exploited this vulnerability, it could lead to possible code execution.

Italy-based Sielco Sistemi has sales and support offices worldwide providing multiple SCADA/HMI solutions.
