Added: 06/03/2011
CVE: CVE-2011-1566
BID: 46936
OSVDB: 72349
7-Technologies Interactive Graphical SCADA System (IGSS) is a Supervisory Control and Data Acquisition (SCADA) solution used mainly in Denmark and the US.
An input validation error in the Data Collector service (**dc.exe**
) when processing certain commands can be exploited to execute any program on the system via a specially crafted packet containing directory traversal specifiers sent to the Data Collector service port, TCP port 12397.
Upgrade to **dc.exe**
version 9.00.00.11083 or higher. Control system devices and networks should not be directly connected to the Internet. Those that are should be behind firewalls, and isolated from business networks.
<http://secunia.com/advisories/43849/>
<http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf>
Exploit works on 7-Technologies IGSS 9.0.
This exploit makes use of a another 7-Technologies IGSS vulnerability (CVE-2011-1565), this one in the Data Server service (TCP port 12401), to upload an executable file to the target system.
Windows