Vulnerability Name: | CVE-2011-1568 (CCN-66595) | ||||||||
Assigned: | 2011-03-21 | ||||||||
Published: | 2011-03-21 | ||||||||
Updated: | 2011-09-22 | ||||||||
Summary: | Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. Note: some of these details are obtained from third party information. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:UR)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
| ||||||||
Vulnerability Type: | CWE-134 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: Luigi Auriemma 21 Mar 2011 IGSS (Interactive Graphical SCADA System) Source: MISC Type: Exploit http://aluigi.org/adv/igss_6-adv.txt Source: MITRE Type: CNA CVE-2011-1568 Source: CCN Type: SA43849 7-Technologies Interactive Graphical SCADA System Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 43849 Source: SREASON Type: UNKNOWN 8182 Source: CCN Type: 7-Technologies Web site Interactive Graphical SCADA System Source: EXPLOIT-DB Type: Exploit 17024 Source: CCN Type: OSVDB ID: 72351 7-Technologies IGSS IGSSdataServer.exe logText() Function Format String Source: BID Type: Exploit 46936 Source: CCN Type: BID-46936 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities Source: MISC Type: US Government Resource http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf Source: VUPEN Type: Vendor Advisory ADV-2011-0741 Source: XF Type: UNKNOWN igss-logtext-format-string(66595) Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [03-22-2011] | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |