CVE-2011-1567

EPSS 69.6%

Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401.

Affected products

n/a · n/a

public PoCs found — 4

cve_referencewww.exploit-db.com/exploits/17024unverified exploitdbwww.exploit-db.com/exploits/17374unverified exploitdbwww.exploit-db.com/exploits/17300unverified exploitdbwww.exploit-db.com/exploits/17024unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://aluigi.org/adv/igss_2-adv.txt http://aluigi.org/adv/igss_3-adv.txt http://aluigi.org/adv/igss_4-adv.txt http://aluigi.org/adv/igss_5-adv.txt http://aluigi.org/adv/igss_7-adv.txt http://secunia.com/advisories/43849 http://securityreason.com/securityalert/8179 http://securityreason.com/securityalert/8251 http://www.exploit-db.com/exploits/17024 http://www.securityfocus.com/bid/46936 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf http://www.vupen.com/english/advisories/2011/0741