Format string

2011-04-0515:19:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

0.577 Medium

EPSS

Percentile

97.7%

JSON

Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information.

References

aluigi.org/adv/igss_6-adv.txt

secunia.com/advisories/43849

securityreason.com/securityalert/8182

www.securityfocus.com/bid/46936

www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf

www.vupen.com/english/advisories/2011/0741

www.exploit-db.com/exploits/17024