CVE-2011-1567

7-Technologies IGSS 9 - IGSSdataServer .Rms Rename Buffer Overflow

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401.

Múltiples desbordamientos de búfer basados en pila en IGSSdataServer.exe v9.00.00.11063 y anterior en 7-Technologies Interactive Graphical SCADA System (IGSS) permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través los comandos manipulados (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, y (6) FileInfo con código de operación 0xd;; (7) los comandos Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, y (12) Add, comandos en un informe de las plantillas de RMS con código de operación(0x7), y el comando (13) 0x4 en una solicitud de STDREP con código de operación (0x8) en el puerto TCP 12401.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-03-22 First Exploit
2011-04-05 CVE Reserved
2011-04-05 CVE Published
2024-04-21 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (20)

URL	Tag	Source
http://securityreason.com/securityalert/8179	Third Party Advisory
http://securityreason.com/securityalert/8251	Third Party Advisory
http://www.securityfocus.com/bid/46936	Vdb Entry
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf	Us Government Resource
http://aluigi.altervista.org/adv/igss_2-adv.txt
https://www.cisa.gov/uscert/ics/advisories/ICSA-11-132-01A
http://aluigi.altervista.org/adv/igss_5-adv.txt

URL	Date	SRC
https://www.exploit-db.com/exploits/17374	2011-06-09
https://www.exploit-db.com/exploits/17300	2011-05-16
https://www.exploit-db.com/exploits/17024	2011-03-22
http://aluigi.org/adv/igss_2-adv.txt	2024-08-06
http://aluigi.org/adv/igss_3-adv.txt	2024-08-06
http://aluigi.org/adv/igss_4-adv.txt	2024-08-06
http://aluigi.org/adv/igss_5-adv.txt	2024-08-06
http://aluigi.org/adv/igss_7-adv.txt	2024-08-06
http://www.exploit-db.com/exploits/17024	2024-08-06
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/scada/igss9_igssdataserver_listall.rb	2011-03-24
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/scada/igss9_igssdataserver_rename.rb	2011-03-24

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/43849	2011-09-22
http://www.vupen.com/english/advisories/2011/0741	2011-09-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
7t Search vendor "7t"		Igss Search vendor "7t" for product "Igss"				*		-		Affected