7-Technologies IGSS ODBC Remote Memory Corruption Vulnerability
July 8, 2011
The VUPEN Vulnerability Research Team has coordinated the
disclosure of a memory corruption vulnerability with
ICS-CERT. This vulnerability affects the 7-Technologies (7T) Interactive Graphical SCADA System
(IGSS) product.
This vulnerability affects all 7T IGSS versions prior to
9.0.0.11143.
7T has produced a patch to resolve this vulnerability.
VUPEN has tested the patch and
confirmed that it resolves the reported vulnerability.
The vulnerability is caused by a memory corruption error in
the Open Database Connectivity (ODBC) server component
(ODBCixv9se.exe) when processing
packets sent to port 20222/tcp, which could result in an
invalid structure being used. This can lead to an
exploitable condition.
Successful exploitation of this vulnerability can allow an
attacker to perform a number of malicious actions,
including denial of service (DoS) and arbitrary code
execution. This vulnerability is remotely exploitable.