NotCVE - vendor:"7t" product:"Igss"

Page 2 of 10 results (0.003 seconds)

CVSS: 10.0EPSS: 4%CPEs: 3EXPL: 0

CVE-2011-2214

https://notcve.org/view.php?id=CVE-2011-2214

Unspecified vulnerability in the Open Database Connectivity (ODBC) component in 7T Interactive Graphical SCADA System (IGSS) before 9.0.0.11143 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 20222, which triggers memory corruption related to an "invalid structure being used." Vulnerabilidad no especificada en el componente Open Database Connectivity (ODBC) en 7T Interactive Graphical SCADA System (IGSS) antes de v9.0.0.11143 permite a atacantes remotos ejecutar código de su elección a través de un paquete manipulado para el puerto TCP 20222, lo que provoca daños en la memoria relacionado con una "estructura en uso no válida." • http://securityreason.com/securityalert/8265 http://www.securityfocus.com/archive/1/518110/100/0/threaded http://www.securityfocus.com/bid/47960 •

CVSS: 10.0EPSS: 43%CPEs: 1EXPL: 4

CVE-2011-1565 – 7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-1565

Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401. Vulnerabilidad de salto de directorio en en IGSSdataServer.exe v9.00.00.11063 y anteriores en 7-Technologies Interactive Graphical SCADA System (IGSS) permite a atacantes remotos (1) lectura (código de operación 0x3) o (2) crear o escribir (código de operación 0x2) archivos de su elección a través de secuencias . . \ (punto punto barra invertida) en el puerto TCP 12401. • https://www.exploit-db.com/exploits/17024 http://aluigi.org/adv/igss_1-adv.txt http://secunia.com/advisories/43849 http://securityreason.com/securityalert/8178 http://www.exploit-db.com/exploits/17024 http://www.securityfocus.com/bid/46936 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf http://www.vupen.com/english/advisories/2011/0741 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 57%CPEs: 1EXPL: 4

CVE-2011-1568 – 7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-1568

Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information. Vulnerabilidad de formato de cadena en la función logText en shmemmgr9.dll en IGSSdataServer.exe v9.00.00.11074, y v9.00.00.11063 y anteriores, en 7-Technologies Interactive Graphical SCADA System (IGSS) permite a atacantes remotos provocar una denegación de servicio y posiblemente ejecutar código de su elección, como se demostró con el comando RMS Reports Delete, relacionados con el registro de mensajes a GSST.LOG. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • https://www.exploit-db.com/exploits/17024 http://aluigi.org/adv/igss_6-adv.txt http://secunia.com/advisories/43849 http://securityreason.com/securityalert/8182 http://www.exploit-db.com/exploits/17024 http://www.securityfocus.com/bid/46936 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf http://www.vupen.com/english/advisories/2011/0741 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 10.0EPSS: 87%CPEs: 1EXPL: 4

CVE-2011-1566 – 7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-1566

Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397. Vulnerabilidad de salto de directorio en dc.exe 9.00.00.11059 y anterior en 7-Technologies Interactive Graphical SCADA System (IGSS), permite a atacantes remotos ejecutar programas de su elección a través de .. \ (punto punto barra invertida) en secuencias de códigos de operación (1 0xa) y (2 ) 0x17 al puerto TCP 12397. • https://www.exploit-db.com/exploits/17024 https://www.exploit-db.com/exploits/29129 http://aluigi.org/adv/igss_8-adv.txt http://secunia.com/advisories/43849 http://www.exploit-db.com/exploits/17024 http://www.securityfocus.com/bid/46936 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf http://www.vupen.com/english/advisories/2011/0741 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 72%CPEs: 1EXPL: 11

CVE-2011-1567 – 7-Technologies IGSS 9 - IGSSdataServer .Rms Rename Buffer Overflow

https://notcve.org/view.php?id=CVE-2011-1567

Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401. Múltiples desbordamientos de búfer basados en pila en IGSSdataServer.exe v9.00.00.11063 y anterior en 7-Technologies Interactive Graphical SCADA System (IGSS) permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través los comandos manipulados (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, y (6) FileInfo con código de operación 0xd;; (7) los comandos Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, y (12) Add, comandos en un informe de las plantillas de RMS con código de operación(0x7), y el comando (13) 0x4 en una solicitud de STDREP con código de operación (0x8) en el puerto TCP 12401. • https://www.exploit-db.com/exploits/17374 https://www.exploit-db.com/exploits/17300 https://www.exploit-db.com/exploits/17024 http://aluigi.org/adv/igss_2-adv.txt http://aluigi.org/adv/igss_3-adv.txt http://aluigi.org/adv/igss_4-adv.txt http://aluigi.org/adv/igss_5-adv.txt http://aluigi.org/adv/igss_7-adv.txt http://secunia.com/advisories/43849 http://securityreason.com/securityalert/8179 http://securityreason.com/securityalert/8251 http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

1 2