Vulners
Lucene search
Interactive Graphical SCADA System DLL Loading Arbitrary Code Execution Vulnerability
🗓️ 23 Jan 2012 00:00:00Reported by Copyright (C) 2012 Greenbone Networks GmbHType 
openvas🔗 plugins.openvas.org👁 15 Views
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | CVE-2011-4053 | 19 Jan 201215:00 | – | cve |
 | CVE-2011-4053 | 19 Jan 201215:00 | – | cvelist |
 | EUVD-2011-4005 | 7 Oct 202500:30 | – | euvd |
 | 7-Technologies Interactive Graphical SCADA | 21 Sep 201106:00 | – | ics |
 | CVE-2011-4053 | 19 Jan 201215:55 | – | nvd |
| Interactive Graphical SCADA System DLL Loading Arbitrary Code Execution Vulnerability | 23 Jan 201200:00 | – | openvas |
 | Design/Logic Flaw | 19 Jan 201215:55 | – | prion |
 | CVE-2011-4053 | 22 May 202503:42 | – | redhatcve |
 | 7-Technologies IGSS < 9.0.0.11291 DLL Loading Arbitrary Code Execution | 23 May 201200:00 | – | nessus |
| Source | Link |
|---|---|
| us-cert | www.us-cert.gov/control_systems/pdf/ICSA-11-353-01.pdf |
| securityfocus | www.securityfocus.com/bid/51438 |
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_igss_dll_code_execution_vuln.nasl 5940 2017-04-12 09:02:05Z teissa $
#
# Interactive Graphical SCADA System DLL Loading Arbitrary Code Execution Vulnerability
#
# Authors:
# Sooraj KS <[email protected]>
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
tag_impact = "Successful exploitation could allow remote attackers to execute arbitrary
code and conduct DLL hijacking attacks.
Impact Level: System/Application";
tag_affected = "7T Interactive Graphical SCADA System (IGSS) versions prior to 9.0.0.11291";
tag_insight = "This flaw is due to the application insecurely loading certain
libraries from the current working directory, which could allow attackers
to execute arbitrary code by tricking a user into opening a file from a
network share.";
tag_solution = "Apply the patch from below link,
http://www.7t.dk/igss/igssupdates/v90/progupdatesv90.zip";
tag_summary = "This host is installed with Interactive Graphical SCADA System
and is prone to code execution vulnerability.";
if(description)
{
script_id(802297);
script_version("$Revision: 5940 $");
script_cve_id("CVE-2011-4053");
script_bugtraq_id(51438);
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $");
script_tag(name:"creation_date", value:"2012-01-23 15:15:15 +0530 (Mon, 23 Jan 2012)");
script_name("Interactive Graphical SCADA System DLL Loading Arbitrary Code Execution Vulnerability");
script_xref(name : "URL" , value : "http://www.securityfocus.com/bid/51438");
script_xref(name : "URL" , value : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-353-01.pdf");
script_tag(name:"qod_type", value:"executable_version");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
script_family("General");
script_dependencies("gb_igss_detect.nasl");
script_require_keys("IGSS/Win/Ver");
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
exit(0);
}
include("smb_nt.inc");
include("version_func.inc");
include("secpod_smb_func.inc");
## Get version from KB
version = get_kb_item("IGSS/Win/Ver");
if(! version){
exit(0);
}
## Check for IGSS versions prior to 9.0
if(version_is_less(version:version, test_version:"9.0"))
{
security_message(0);
exit(0);
}
## Check for IGSS Patch
if(version =~ "^9\.0\.*")
{
## Get ODBC Server Path
key = "SOFTWARE\7-Technologies\IGSS32\v9.00.00\ENVIRONMENT";
if(!registry_key_exists(key:key)){
exit(0);
}
odbcPath = registry_get_sz(key:key, item:"IGSSWORK");
if(! odbcPath){
exit(0);
}
## Get Version from Odbcixv9se.exe
odbcVer = fetch_file_version(sysPath:odbcPath, file_name:"Odbcixv9se.exe");
if(! odbcVer){
exit(0);
}
## Check for IGSS ODBC versions prior to 9.0.0.11291
if(version_is_less(version:version, test_version:"9.0.0.11291")) {
security_message(0);
}
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Apr 2017 00:00Current
1.4Low risk
Vulners AI Score1.4
EPSS0.00412