CVE-2011-1565

Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/46936	Exploit
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf	US Government Resource
http://www.exploit-db.com/exploits/17024	Exploit
http://aluigi.org/adv/igss_1-adv.txt	Exploit
http://secunia.com/advisories/43849	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0741	Vendor Advisory
http://securityreason.com/securityalert/8178

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:7t:igss:*:*:*:*:*:*:*:*

Information

Published : 2011-04-05 08:19

Updated : 2011-09-21 20:30

NVD link : CVE-2011-1565

Mitre link : CVE-2011-1565

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

Products Affected

7t

igss

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/46936", "name": "46936", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf", "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf", "tags": ["US Government Resource"], "refsource": "MISC"}, {"url": "http://www.exploit-db.com/exploits/17024", "name": "17024", "tags": ["Exploit"], "refsource": "EXPLOIT-DB"}, {"url": "http://aluigi.org/adv/igss_1-adv.txt", "name": "http://aluigi.org/adv/igss_1-adv.txt", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/43849", "name": "43849", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2011/0741", "name": "ADV-2011-0741", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://securityreason.com/securityalert/8178", "name": "8178", "tags": [], "refsource": "SREASON"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\\ (dot dot backslash) sequences to TCP port 12401."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-1565", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-04-05T15:19Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:7t:igss:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-09-22T03:30Z"}