Lucene search

[email protected]CVE-2011-1565

HistoryApr 05, 2011 - 3:19 p.m.

CVE-2011-1565

2011-04-0515:19:35

CWE-22

[email protected]

web.nvd.nist.gov

cve-2011-1565

directory traversal

igssdataserver.exe

remote attackers

arbitrary files

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.434 Medium

EPSS

Percentile

97.4%

JSON

Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via …\ (dot dot backslash) sequences to TCP port 12401.

Affected configurations

NVD

Node

7tigss

CPENameOperatorVersion
7t:igss7t igsseq*

CPE	Name	Operator	Version
7t:igss	7t igss	eq	*

References

aluigi.org/adv/igss_1-adv.txt

secunia.com/advisories/43849

securityreason.com/securityalert/8178

www.exploit-db.com/exploits/17024

www.securityfocus.com/bid/46936

www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf

www.vupen.com/english/advisories/2011/0741

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.434 Medium

EPSS

Percentile

97.4%

JSON

Related for CVE-2011-1565

cvelist1 nvd1 checkpoint_advisories1 prion1 saint4 openvas2