Vulnerability Name: | CVE-2011-1565 (CCN-66598) | ||||||||
Assigned: | 2011-03-21 | ||||||||
Published: | 2011-03-21 | ||||||||
Updated: | 2011-09-22 | ||||||||
Summary: | Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.8 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-22 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: Luigi Auriemma 21 Mar 2011 IGSS (Interactive Graphical SCADA System) Source: MISC Type: Exploit http://aluigi.org/adv/igss_1-adv.txt Source: MITRE Type: CNA CVE-2011-1565 Source: CCN Type: SA43849 7-Technologies Interactive Graphical SCADA System Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 43849 Source: SREASON Type: UNKNOWN 8178 Source: CCN Type: 7-Technologies Web site Interactive Graphical SCADA System Source: EXPLOIT-DB Type: Exploit 17024 Source: CCN Type: OSVDB ID: 72354 7-Technologies IGSS IGSSdataServer.exe Packet Handling Opcode 0xd Traversal Arbitrary File Manipulation Source: BID Type: Exploit 46936 Source: CCN Type: BID-46936 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities Source: MISC Type: US Government Resource http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf Source: VUPEN Type: Vendor Advisory ADV-2011-0741 Source: XF Type: UNKNOWN igss-igssdataserver-dir-traversal(66598) Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [03-22-2011] | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |