Home -> Resources -> SCADA/ICS Vulnerability Reference -> 7-Technologies IGSS

7-Technologies IGSS Data Server Buffer Overflow Vulnerability

December 20, 2011

Security researcher UCQ from the Cyber Defense Institute, Inc. has identified a buffer overflow vulnerability in the 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) Data Server application.

7T has produced a patch to resolve this vulnerability. The Cyber Defense Institute, Inc. has tested the patch and confirmed that it resolves the reported vulnerability.

This vulnerability can be exploited by sending a specially crafted packet to port 12401/tcp. Successful exploitation of this vulnerability can allow an attacker to execute a remote denial of service (DoS) against the 7T data server on the targeted host computer, resulting in adverse application conditions.

Affected products include:
-  Version 9.0.0.11200 - IGSS Data Server

ICS-CERT Advisories / Alerts

ICSA-11-335-01
ICSA-11-335-01P (released on Dec. 1, 2011 via US-CERT secure Portal)

Vendor Website (include Patches / Hotfixes)

7 Technologies IGSS Product Info
IGSS Free SCADA Software Download
IGSS Patch
IGSS Product Download Page (includes previous versions of software)

Exploit Proof-of-Concept

Exploit-DB ID 17772
Security Focus (ID 50047)
No public exploit is available at this time.

Common Vulnerability & Exposure (CVE) References

CVE-2011-4050
NVD CVE-2011-4050

Additional Information

Secunia Advisory #47327
Secunia Vulnerability Report and Statistics on IGSS 9.x
Security Focus Vulnerability Info and Exploit Bugtraq ID 51146

7-Technologies Patches Vulnerability (ISSSource)