CVE-2011-1565
7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities
Severity Score: 10.0 (CVSS v2)
Public Exploits: 4 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401.
*Credits:
N/A
Timeline
- 2011-03-22 First Exploit
- 2011-04-05 CVE Reserved
- 2011-04-05 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (8)
URL | Tag | Source |
---|---|---|
http://securityreason.com/securityalert/8178 | Third Party Advisory | |
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf | US Government Resource | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/17024 | 2011-03-22 | |
http://aluigi.org/adv/igss_1-adv.txt | 2024-08-06 | |
http://www.exploit-db.com/exploits/17024 | 2024-08-06 | |
http://www.securityfocus.com/bid/46936 | 2024-08-06 | |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/43849 | 2011-09-22 | |
http://www.vupen.com/english/advisories/2011/0741 | 2011-09-22 | |