The 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) application installed on the remote Windows host is a version prior to 10.0.0. It is, therefore, affected by a stack-based buffer overflow condition in the ODBC service due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a crafted packet sent to TCP port 22202, to cause a denial of service or to execute arbitrary code with administrative privileges.
Binary data scada_app_igss_odbc_icsa-11-119-01.nbin