7T Interactive Graphical SCADA System dc.exe Directory Traversal

Added: 06/03/2011
CVE: CVE-2011-1566
BID: 46936
OSVDB: 72349

Background

7-Technologies Interactive Graphical SCADA System (IGSS) is a Supervisory Control and Data Acquisition (SCADA) solution used mainly in Denmark and the US.

Problem

An input validation error in the Data Collector service (**dc.exe**) when processing certain commands can be exploited to execute any program on the system via a specially crafted packet containing directory traversal specifiers sent to the Data Collector service port, TCP port 12397.

Resolution

Upgrade to **dc.exe** version 9.00.00.11083 or higher. Control system devices and networks should not be directly connected to the Internet. Those that are should be behind firewalls, and isolated from business networks.

References

<http://secunia.com/advisories/43849/&gt;
<http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf&gt;

Limitations

Exploit works on 7-Technologies IGSS 9.0.

This exploit makes use of a another 7-Technologies IGSS vulnerability (CVE-2011-1565), this one in the Data Server service (TCP port 12401), to upload an executable file to the target system.

Platforms

Windows