CVE-2011-1566
published 2011-04-05

Priority: P2 · 72 · critical
CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 66.98% (99.2th percentile)
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397.

Detection & IOCs (extracted from sources)

port: 12397
port: 12401
process: dc.exe
process: IGSSdataServer.exe
command: opcode 0x17 with ..\..\..\..\..\..\..\..\..\..\..\..\ traversal payload to TCP port 12397
bytes: 00000100 00000000 00000100 00000017 00000000 00000000 00000000 00000000 00000000 00000000 00000000
  • Monitor TCP port 12397 (dc.exe) for inbound packets containing opcode 0x17 (bytes 0x00000017 at offset 12) combined with directory traversal sequences (..\ repeated) in the payload body.
  • Monitor TCP port 12397 for inbound packets containing opcode 0x0A (bytes 0x0000000A at offset 12) with directory traversal sequences, as both opcodes 0xa and 0x17 are exploitable.
  • Alert on dc.exe spawning child processes (e.g., cmd.exe, calc.exe) via CreateProcessA, as exploitation causes dc.exe to run attacker-supplied payloads as a new thread.
  • Detect the Metasploit exploit packet structure: first 4-byte little-endian value 0x00000100, followed at offset 12 by 0x00000017, followed by the traversal string targeting windows\system32\cmd.exe.
  • Monitor TCP port 12401 (IGSSdataServer.exe) for Write packets using opcode 0x0D that may be used to stage a malicious binary prior to triggering execution via dc.exe on port 12397.
  • Payload space is constrained to 153 bytes for the command injection via opcode 0x17; attackers must stage or chain payloads to execute larger shellcode.
  • The directory traversal path depth uses 12 levels of ..\ to reach the filesystem root; the exact depth may vary depending on the IGSS installation path depth.
  • The stack overflow via opcode 0x8/command 0x4 on port 12401 (256-byte SQL buffer) has unclear exploitability for code execution and may only cause a crash.
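
The port 12397 monitoring notes above, expressed as a payload check. This is an added example, not code from the page's sources: the function names, result fields and sample packets are constructed for illustration, and the header layout follows the bytes line above.

```python
import struct

DC_PORT = 12397                   # dc.exe listener named on this page
WATCHED_OPCODES = {0x0A, 0x17}    # the two opcodes the advisory lists
OPCODE_OFFSET = 12                # opcode position given in the notes above
EXPLOIT_FIRST_DWORD = 0x00000100  # first field of the public exploit packet
TRAVERSAL = b"..\\"


def inspect_dc_payload(dst_port, payload, min_traversals=1):
    """Return a finding dict when a TCP payload matches the indicators, else None.

    The traversal depth is not fixed (it depends on the install path), so the
    check counts "..\\" sequences instead of matching the 12-level string.
    """
    if dst_port != DC_PORT or len(payload) < OPCODE_OFFSET + 4:
        return None
    (opcode,) = struct.unpack_from("<I", payload, OPCODE_OFFSET)
    if opcode not in WATCHED_OPCODES:
        return None
    count = payload[OPCODE_OFFSET + 4:].count(TRAVERSAL)
    if count < min_traversals:
        return None
    (first,) = struct.unpack_from("<I", payload, 0)
    return {
        "opcode": hex(opcode),
        "traversal_count": count,
        "matches_exploit_header": first == EXPLOIT_FIRST_DWORD,
    }


def build_sample(opcode, body):
    """Constructed test input: the 11-dword header layout shown above plus a body."""
    header = [0x100, 0, 0x100, opcode, 0, 0, 0, 0, 0, 0, 0]
    return struct.pack("<11I", *header) + body


# Constructed samples; the file name is a placeholder, not a real target.
SAMPLES = {
    "traversal_0x17": build_sample(0x17, b"..\\" * 12 + b"EXAMPLE\\placeholder.exe"),
    "traversal_0x0a": build_sample(0x0A, b"..\\" * 3 + b"EXAMPLE\\placeholder.exe"),
    "benign_0x17": build_sample(0x17, b"report.txt"),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, inspect_dc_payload(DC_PORT, data))
```

The check expects a reassembled TCP payload; a request split across segments has to be joined before it is inspected.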