Vulnerability CVE-2011-1565


Published: 2011-04-05   Modified: 2012-02-13

Description:
Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
IGSSdataServer.exe <= 9.00.00.11063 directory traversal
Luigi Auriemma
07.04.2011

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
7T -> IGSS 

 References:
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf
http://www.vupen.com/english/advisories/2011/0741
http://www.securityfocus.com/bid/46936
http://www.exploit-db.com/exploits/17024
http://securityreason.com/securityalert/8178
http://secunia.com/advisories/43849
http://aluigi.org/adv/igss_1-adv.txt

Copyright 2024, cxsecurity.com

 

Back to Top