CVE-2011-1568
7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 4
Exploited in Wild: -
Decision
Descriptions
Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2011-03-22 First Exploit
- 2011-04-05 CVE Reserved
- 2011-04-05 CVE Published
- 2023-06-18 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-134: Use of Externally-Controlled Format String
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://securityreason.com/securityalert/8182 | Third Party Advisory | |
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf | US Government Resource | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/17024 | 2011-03-22 | |
http://aluigi.org/adv/igss_6-adv.txt | 2024-08-06 | |
http://www.exploit-db.com/exploits/17024 | 2024-08-06 | |
http://www.securityfocus.com/bid/46936 | 2024-08-06 | |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/43849 | 2011-09-22 | |
http://www.vupen.com/english/advisories/2011/0741 | 2011-09-22 | |