CVSS: 10.0EPSS: 57%CPEs: 1EXPL: 4CVE-2011-1568 – 7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-1568
Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information. Vulnerabilidad de formato de cadena en la función logText en shmemmgr9.dll en IGSSdataServer.exe v9.00.00.11074, y v9.00.00.11063 y anteriores, en 7-Technologies Interactive Graphical SCADA System (IGSS) permite a atacantes remotos provocar una denegación de servicio y posiblemente ejecutar código de su elección, como se demostró con el comando RMS Reports Delete, relacionados con el registro de mensajes a GSST.LOG. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • https://www.exploit-db.com/exploits/17024 http://aluigi.org/adv/igss_6-adv.txt http://secunia.com/advisories/43849 http://securityreason.com/securityalert/8182 http://www.exploit-db.com/exploits/17024 http://www.securityfocus.com/bid/46936 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf http://www.vupen.com/english/advisories/2011/0741 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 41%CPEs: 1EXPL: 4CVE-2011-1565 – 7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-1565
Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401. Vulnerabilidad de salto de directorio en en IGSSdataServer.exe v9.00.00.11063 y anteriores en 7-Technologies Interactive Graphical SCADA System (IGSS) permite a atacantes remotos (1) lectura (código de operación 0x3) o (2) crear o escribir (código de operación 0x2) archivos de su elección a través de secuencias . . \ (punto punto barra invertida) en el puerto TCP 12401. • https://www.exploit-db.com/exploits/17024 http://aluigi.org/adv/igss_1-adv.txt http://secunia.com/advisories/43849 http://securityreason.com/securityalert/8178 http://www.exploit-db.com/exploits/17024 http://www.securityfocus.com/bid/46936 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf http://www.vupen.com/english/advisories/2011/0741 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •