ICSA-17-038-01_Sielco Sistemi Winlog SCADA Software
Monitor | 7.2 | ICS-CERT ICSA-17-038-01 | Feb 7, 2017
Attack Vector: Local
Auth Required: High
Complexity: High
User Interaction: Required
Summary
A local code execution vulnerability exists in Sielco Sistemi Winlog SCADA software versions before 3.02.01 that allows a locally authenticated user with high privileges to execute arbitrary code on the engineering workstation. The vulnerability is classified as CWE-427 (Uncontrolled Search Path Element) and requires local access and elevated privileges to exploit. Affected products include Winlog Lite and Winlog Pro SCADA Software.
What this means
What could happen
An attacker with local access and elevated privileges could execute arbitrary code on a SCADA workstation running Winlog, potentially disrupting supervisory visibility and control of energy infrastructure.
Who's at risk
Energy utilities and operators managing SCADA systems via Winlog Lite and Winlog Pro on engineering workstations. This affects supervisory monitoring and control of generation, transmission, and distribution systems.
How it could be exploited
An attacker must first obtain local access to the SCADA engineering workstation and have high-level privileges (e.g., administrator or SCADA operator account). They then exploit a local code execution vulnerability to run arbitrary commands with the privileges of the Winlog application, gaining the ability to modify process logic or exfiltrate system configurations.
Prerequisites
- Local access to the SCADA engineering workstation
- High-level user privileges (administrator or SCADA operator role)
- Ability to interact with the Winlog application user interface
- Local access required
- High privileges required
- No patch available for end-of-life products
- Affects SCADA visibility and control systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 EOL
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Winlog Lite SCADA Software | < 3.02.01 | No fix (EOL) |
| Winlog Pro SCADA Software | < 3.02.01 | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Restrict local access to SCADA engineering workstations through physical security controls and access logs
- HARDENING: Apply principle of least privilege: limit user accounts on SCADA workstations to only those required for operations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade to Winlog Lite SCADA Software version 3.02.01 or later if vendor releases a patch
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Winlog Lite SCADA Software, Winlog Pro SCADA Software. Apply the following compensating controls:
- HARDENING: Isolate SCADA engineering workstations from untrusted networks using air-gapped or dedicated network segments
CVEs (1)