RULE(RULE ID:714832)

Rule General Information
Release Date: 2021-03-26
Rule Name: 7T Interactive Graphical SCADA System File Operations Buffer Overflows Vulnerability (CVE-2011-1567)
Severity:
CVE ID:
Rule Protection Details
Description: Multiple overflow vulnerabilities exist in 7T Interactive Graphical SCADA System (IGSS) that could be exploited by remote attackers to compromise a vulnerable system. The flaw is due to boundary errors in the handling of file operation requests sent to the server. Remote, unauthenticated attackers could exploit this vulnerability by sending a specially crafted packet to TCP port 12401 on the target. Successful exploitation would cause stack buffer overflows that could cause the host to become unresponsive, and may lead to code injection and execution in the context of the affected server, normally Administrator on Windows systems.
Impact: A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks include arbitrary code execution and denial of service.
Affected OS: Windows, Linux, Others
Reference: ExploitDB:17024
http://aluigi.org/adv/igss_2-adv.txt
http://aluigi.org/adv/igss_3-adv.txt
http://aluigi.org/adv/igss_4-adv.txt
Solutions
The vendor has released upgrade patches to fix the vulnerabilities. Please visit:
http://www.igss.com/download/free-scada.aspx