Schneider Electric Interactive Graphical SCADA System (IGSS) is a supervisory control and data acquisition (SCADA) system designed to monitor and control industrial processes. The Data Collector (
**DC.exe**) component listens on port 12397/tcp.
A buffer overflow vulnerability in the
**DC.exe** executable allows remote arbitrary code execution when a malicious user sends a specially crafted request to port 12397/tcp.
This exploit was tested against Schneider Electric Interactive Graphical SCADA System 9.0 on Microsoft Windows Server 2003 SP2 English with DEP OptOut.