The 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) application installed on the remote Windows host is a version prior to 9.0.0.11143. It is, therefore, affected by a memory corruption issue in the ODBC service due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted structure in a packet sent to TCP port 22202, to cause a stack-based buffer overflow, resulting in the execution of arbitrary code with administrative privileges.
Binary data scada_app_igss_odbc_icsa-11-018-02.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
schneider-electric | interactive_graphical_scada_system | | cpe:/a:schneider-electric:interactive_graphical_scada_system |