This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
The remote SCADA service is affected by a directory traversal
The remote service appears to be an instance of IGSS Data Server that
fails to sanitize requests to the 'ReadFile()' function of directory
IGSS (Interactive Graphical SCADA System) is a SCADA system for
process control and supervision developed by 7-Technologies.
Exploitation of this issue allows unauthenticated, remote attackers to
retrieve arbitrary files via the affected service using a specially
crafted request packet.
Note that this install of IGSS is likely affected by several other
serious vulnerabilities, including multiple buffer overflows and
arbitrary command execution, although this plugin has not checked for
See also :
Contact the vendor for a patch.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Public Exploit Available : true
Nessus Plugin ID: 52962 ()
Bugtraq ID: 46936
CVE ID: CVE-2011-1565
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.