1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: 7T IGSS Server Directory Traversal CVE-2011-1565

Attack: 7T IGSS Server Directory Traversal CVE-2011-1565

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote buffer overflow vulnerability in 7T Interactive Graphical SCADA System.

Additional Information

7T Interactive Graphical SCADA System is a SCADA application used for monitoring and controlling industrial processes.

7T Interactive Graphical SCADA System is prone to these vulnerabilities:

1. Multiple stack-based buffer-overflow issues occur in the 'IGSSdataServer.exe' service, which listens by default on TCP port 12401, when copying an overly long filename into a fixed-size buffer. These issues occur when handling the 'ListAll', 'Write File', 'ReadFile', 'Delete', 'RenameFile', and 'FileInfo' commands of the opcode 0xd.

2. A stack-based buffer-overflow issue occurs in the 'IGSSdataServer.exe' service, which listens by default on TCP port 12401, when copying an overly long client string into a fixed-size buffer. This issue occurs when handing the 'Add' command of the opcode 0x7.

3. Multiple stack-based buffer-overflow issues occur in the 'IGSSdataServer.exe' service, which listens by default on TCP port 12401, when copying an overly long full path string into a fixed-size buffer. These issues occur when handing the 'Read File' and 'Write File' commands of the opcode 0x7.

4. Multiple stack-based buffer-overflow issues occur in the 'IGSSdataServer.exe' service, which listens by default on TCP port 12401, when parsing 'Rename', 'Delete', and 'Add' commands of the opcode 0x7.

5. A stack-based buffer-overflow issue occurs in the 'IGSSdataServer.exe' service which listens by default on TCP port 12401, when processing the command 0x4 of the opcode 0x8. This issue occurs when building a SQL query.

6. A directory-traversal vulnerability that affects the 'IGSSdataServer.exe' service, which listens by default on TCP port 12401 may allow an attacker to download or overwrite arbitrary files of the system through commands 0x3 and 0x2 of the opcode 0xd.

7. A directory-traversal vulnerability affects the 'dc.exe' service, which listens by default on TCP port 12397, which may allow an attacker to execute arbitrary executable programs on the system through opcodes 0xa and 0x17.

8. A remote code-execution issue may occur when handling internal log messages with the 'Shmemmgr.logText()' function.

Exploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or perform unauthorized actions using directory traversal strings.

Affected

  • 7-Technologies Interactive Graphical SCADA System 9
  • 7-Technologies Interactive Graphical SCADA System 8
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube