CVE-2011-1566
7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397.
Vulnerabilidad de salto de directorio en dc.exe 9.00.00.11059 y anterior en 7-Technologies Interactive Graphical SCADA System (IGSS), permite a atacantes remotos ejecutar programas de su elección a través de .. \ (punto punto barra invertida) en secuencias de códigos de operación (1 0xa) y (2 ) 0x17 al puerto TCP 12397.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-03-22 First Exploit
- 2011-04-05 CVE Reserved
- 2011-04-05 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://aluigi.org/adv/igss_8-adv.txt | X_refsource_misc | |
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf | Us Government Resource |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/17024 | 2011-03-22 | |
| https://www.exploit-db.com/exploits/29129 | 2013-10-22 | |
| http://www.exploit-db.com/exploits/17024 | 2024-08-06 | |
| http://www.securityfocus.com/bid/46936 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/43849 | 2012-05-12 | |
| http://www.vupen.com/english/advisories/2011/0741 | 2012-05-12 |