Vulnerability Name: | CVE-2011-1567 (CCN-66596) | ||||||||
Assigned: | 2011-03-21 | ||||||||
Published: | 2011-03-21 | ||||||||
Updated: | 2011-09-22 | ||||||||
Summary: | Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.8 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-119 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MISC Type: Exploit http://aluigi.org/adv/igss_2-adv.txt Source: CCN Type: Luigi Auriemma 21 Mar 2011 IGSS (Interactive Graphical SCADA System) Source: MISC Type: Exploit http://aluigi.org/adv/igss_3-adv.txt Source: MISC Type: Exploit http://aluigi.org/adv/igss_4-adv.txt Source: MISC Type: Exploit http://aluigi.org/adv/igss_5-adv.txt Source: MISC Type: Exploit http://aluigi.org/adv/igss_7-adv.txt Source: MITRE Type: CNA CVE-2011-1567 Source: CCN Type: SA43849 7-Technologies Interactive Graphical SCADA System Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 43849 Source: SREASON Type: UNKNOWN 8179 Source: SREASON Type: UNKNOWN 8251 Source: CCN Type: 7-Technologies Web site Interactive Graphical SCADA System Source: EXPLOIT-DB Type: Exploit 17024 Source: CCN Type: OSVDB ID: 72350 7-Technologies IGSS IGSSdataServer.exe STDREP Request SQL Query String Overflow Source: CCN Type: OSVDB ID: 72352 7-Technologies IGSS IGSSdataServer.exe RMS Reports Multiple Command Overflow Source: CCN Type: OSVDB ID: 72353 7-Technologies IGSS IGSSdataServer.exe Multiple Command Overflow Source: BID Type: UNKNOWN 46936 Source: CCN Type: BID-46936 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities Source: MISC Type: US Government Resource http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf Source: VUPEN Type: Vendor Advisory ADV-2011-0741 Source: XF Type: UNKNOWN igss-igssdataserver-bo(66596) Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [03-22-2011] Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [05-16-2011] | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |