nessus
This script is Copyright (C) 2011-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
SCADA_IGSS_DIR_TRAVERSAL.NBIN
History: Mar 24, 2011 - 12:00 a.m.

IGSS Data Server Directory Traversal Arbitrary File Access

2011-03-24 00:00:00
www.tenable.com

The remote service appears to be an instance of IGSS Data Server that fails to sanitize directory traversal sequences in requests to the 'ReadFile()' function.

IGSS (Interactive Graphical SCADA System) is a SCADA system for process control and supervision developed by 7-Technologies.
Exploitation of this issue allows unauthenticated, remote attackers to retrieve arbitrary files via the affected service using a specially crafted request packet.

Note that this install of IGSS is likely affected by several other serious vulnerabilities, including multiple buffer overflows and arbitrary command execution, although this plugin has not checked for them.

Binary data scada_igss_dir_traversal.nbin
Vendor | Product | Version | CPE
schneider-electric | interactive_graphical_scada_system | | cpe:/a:schneider-electric:interactive_graphical_scada_system