Lucene search

SAINT CorporationSAINT:32946DE2B294DA919788B4ED702B7298

HistoryApr 17, 2011 - 12:00 a.m.

7-Technologies Interactive Graphical SCADA System Remote Code Execution

2011-04-1700:00:00

SAINT Corporation

download.saintcorporation.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.726 High

EPSS

Percentile

98.1%

JSON

Added: 04/17/2011
CVE: CVE-2011-1567
BID: 46936

Background

7-Technologies Interactive Graphical SCADA System (IGSS) is a SCADA solution used mainly in Denmark and the US.

Problem

7T IGSS server contains multiple stack overflows, a format string vulnerability, a remote command execution vulnerability, and a directory traversal vulnerability.

Resolution

Upgrade to version 9.00.00.11083 or higher.

References

<http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf>
<http://aluigi.org/adv/igss_2-adv.txt>

Limitations

This exploit has been tested against 7-Technologies IGSS 9.0 on Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2393802.

Platforms

Windows

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.726 High

EPSS

Percentile

98.1%

JSON

Related for SAINT:32946DE2B294DA919788B4ED702B7298