The remote service appears to be an instance of IGSS Data Server that fails to sanitize directory traversal sequences in requests to the 'ReadFile()' function.
IGSS (Interactive Graphical SCADA System) is a SCADA system for process control and supervision developed by 7-Technologies.
Exploitation of this issue allows unauthenticated, remote attackers to retrieve arbitrary files via the affected service using a specially crafted request packet.
Note that this install of IGSS is likely affected by several other serious vulnerabilities, including multiple buffer overflows and arbitrary command execution, although this plugin has not checked for them.
Binary data scada_igss_dir_traversal.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
schneider-electric | interactive_graphical_scada_system | | cpe:/a:schneider-electric:interactive_graphical_scada_system |