CVE-2011-1565
Published 2011-04-05
Priority: P2 · 73 · critical
CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 64.06% (99.1th percentile)
Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401.
Detection & IOCs (extracted from sources)
- Detect directory traversal attempts using '..\' sequences in TCP traffic destined for port 12401 (IGSSdataServer.exe). Focus on opcodes 0x02 (write/create) and 0x03 (read) in packet payloads.
- Monitor TCP port 12397 (dc.exe) for opcode 0x0A and 0x17 packets, which can trigger arbitrary executable launch via directory traversal. Payload delivery via opcode 0x0D on port 12401 followed by opcode 0x0A on port 12397 is the Metasploit exploitation chain.
- Alert on new processes spawned by dc.exe (port 12397), especially unexpected executables created via CreateProcessA, as this is the code execution mechanism used by the exploit.
- Detect opcode 0x8 / command 0x4 packets to port 12401 that contain oversized SQL-related fields, indicative of the STDREP stack buffer overflow (256-byte stack buffer for SQL query construction).
- The directory traversal and command execution vulnerabilities affect IGSSdataServer.exe version 9.00.00.11063 and earlier; verify the exact version in your environment before applying detections.
- No vendor fix was available at the time of disclosure; network-level blocking of TCP ports 12401 and 12397 from untrusted sources is the primary mitigation.
- Exploitability of the stack overflow via opcode 0x8 / command 0x4 for code execution was not confirmed at the time of disclosure.
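The traversal and two-port checks from the list above, sketched as an added example (not code from the advisory, Metasploit or the vendor). The page does not give the packet layout, so opcode fields are not parsed; `Segment`, `detect`, the rule names and the 60-second window are assumptions, and the sample payloads are constructed.

```python
from collections import namedtuple

# Constructed record: one reassembled client-to-server TCP payload.
Segment = namedtuple("Segment", "ts src dport payload")

DATASERVER_PORT = 12401  # IGSSdataServer.exe, per the page
COLLECTOR_PORT = 12397   # dc.exe, per the page
TRAVERSAL = b"..\\"      # the dot dot backslash sequence
CHAIN_WINDOW = 60.0      # seconds; assumed tuning value


def detect(segments):
    """Return (ts, src, rule) alerts in time order."""
    alerts = []
    last_dataserver = {}  # src -> time of its latest payload to 12401
    for seg in sorted(segments, key=lambda s: s.ts):
        if seg.dport == DATASERVER_PORT:
            last_dataserver[seg.src] = seg.ts
            if TRAVERSAL in seg.payload:
                alerts.append((seg.ts, seg.src, "traversal-12401"))
        elif seg.dport == COLLECTOR_PORT:
            if TRAVERSAL in seg.payload:
                alerts.append((seg.ts, seg.src, "traversal-12397"))
            # Same source wrote to the data server shortly before: the
            # two-port sequence the Metasploit description outlines.
            seen = last_dataserver.pop(seg.src, None)
            if seen is not None and seg.ts - seen <= CHAIN_WINDOW:
                alerts.append((seg.ts, seg.src, "chain-12401-then-12397"))
    return alerts


# Constructed sample traffic; "HDR" stands in for the unknown packet header.
SAMPLE = [
    Segment(0.0, "10.0.0.5", 12401, b"HDR..\\..\\sample.txt"),
    Segment(5.0, "10.0.0.5", 12397, b"HDR..\\..\\sample.exe"),
    Segment(10.0, "10.0.0.9", 12401, b"HDR report.rms"),
    Segment(500.0, "10.0.0.9", 12397, b"HDR status"),
    Segment(20.0, "10.0.0.7", 80, b"GET /..\\x"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The chain rule is a heuristic: legitimate IGSS clients may contact both services, so baseline normal traffic before alerting on it alone.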
No detection rules found.
Exploit-DB
7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities
exploitdb·2011-03-22
CVE-2011-1568 7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities
---
Sources:
http://aluigi.org/adv/igss_1-adv.txt
http://aluigi.org/adv/igss_2-adv.txt
http://aluigi.org/adv/igss_3-adv.txt
http://aluigi.org/adv/igss_4-adv.txt
http://aluigi.org/adv/igss_5-adv.txt
http://aluigi.org/adv/igss_6-adv.txt
http://aluigi.org/adv/igss_7-adv.txt
http://aluigi.org/adv/igss_8-adv.txt
Advisory Archive: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17024-adv.tar.gz (igss_adv.tar.gz)
PoC Archive: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17024-poc.tar.gz (igss_poc.tar.gz)
#######################################################################
Luigi Auriemma
Application: IGSS (Interactive Graphical SCADA System)
http://www.igss.com
Metasploit
7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities
metasploit
This module exploits multiple vulnerabilities found on IGSS 9's Data Server and Data Collector services. The initial approach is first by transferring our binary with Write packets (opcode 0x0D) via port 12401 (igssdataserver.exe), and then send an EXE packet (opcode 0x0A) to port 12397 (dc.exe), which will cause dc.exe to run that payload with a CreateProcessA() function as a new thread.
No writeups or analysis indexed.
http://aluigi.org/adv/igss_1-adv.txt
http://secunia.com/advisories/43849
http://securityreason.com/securityalert/8178
http://www.exploit-db.com/exploits/17024
http://www.securityfocus.com/bid/46936
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf
http://www.vupen.com/english/advisories/2011/0741