Vulnerability Name: | CVE-2011-1566 (CCN-66597) | ||||||||
Assigned: | 2011-03-21 | ||||||||
Published: | 2011-03-21 | ||||||||
Updated: | 2012-05-12 | ||||||||
Summary: | Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-22 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MISC Type: UNKNOWN http://aluigi.org/adv/igss_8-adv.txt Source: CCN Type: Luigi Auriemma 21 Mar 2011 IGSS (Interactive Graphical SCADA System) Source: MITRE Type: CNA CVE-2011-1566 Source: CCN Type: SA43849 7-Technologies Interactive Graphical SCADA System Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 43849 Source: CCN Type: 7-Technologies Web site Interactive Graphical SCADA System Source: EXPLOIT-DB Type: Exploit 17024 Source: CCN Type: OSVDB ID: 72349 7-Technologies IGSS dc.exe Packet Handling Multiple Opcode Traversal Arbitrary Command Execution Source: BID Type: Exploit 46936 Source: CCN Type: BID-46936 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities Source: MISC Type: US Government Resource http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf Source: VUPEN Type: Vendor Advisory ADV-2011-0741 Source: XF Type: UNKNOWN igss-dc-directiory-traversal(66597) Source: CCN Type: Packet Storm Security [10-22-2013] Interactive Graphical SCADA System Remote Command Injection Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [03-22-2011] Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [10-22-2013] | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |