Intrusion Prevention

7-Technologies.IGSS.SCADA.System.Memory.Corruption

Description

This indicates an attack attempt against multiple Memory Corruption vulnerabilities in 7-Technologies IGSS (Interactive Graphical SCADA system).
This issue is caused by an error in IGSSdataServer.exe when handling malformed commands. It may allow remote attackers to execute arbitrary code by sending a crafted client request to port 12401.

Affected Products

7-Technologies IGSS IGSSdataServer.exe 9.00.00.11063 and earlier.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are not aware of any vendor supplied patch for this issue.

CVE References

CVE-2011-1568 CVE-2011-1567