7-Technologies IGSS Data Server Buffer Overflow Vulnerability
December 20, 2011
Security researcher UCQ from the Cyber Defense Institute,
Inc. has identified a buffer overflow vulnerability in the
7-Technologies (7T) Interactive Graphical SCADA System
(IGSS) Data Server application.
7T has produced a patch to resolve this vulnerability. The
Cyber Defense Institute, Inc. has tested the patch and
confirmed that it resolves the reported vulnerability.
This vulnerability can be exploited by sending a specially
crafted packet to port 12401/tcp. Successful exploitation of
this vulnerability can allow an attacker to execute a remote
denial of service (DoS) against the 7T data server on the
targeted host computer, resulting in adverse application
conditions.
Affected products include:
- Version 9.0.0.11200 - IGSS Data Server