IGSS Data Server Directory Traversal Arbitrary File Access

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote SCADA service is affected by a directory traversal
vulnerability.

Description :

The remote service appears to be an instance of IGSS Data Server that
fails to sanitize directory traversal sequences in requests to the
'ReadFile()' function.

IGSS (Interactive Graphical SCADA System) is a SCADA system for
process control and supervision developed by 7-Technologies.
Exploitation of this issue allows unauthenticated, remote attackers to
retrieve arbitrary files via the affected service using a specially
crafted request packet.

Note that this install of IGSS is likely affected by several other
serious vulnerabilities, including multiple buffer overflows and
arbitrary command execution, although this plugin has not checked for
them.

See also :

http://aluigi.org/adv/igss_1-adv.txt
http://archives.neohapsis.com/archives/bugtraq/2011-03/0190.html

Solution :

Contact the vendor for a patch.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:U/RC:ND)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 52962

Bugtraq ID: 46936

CVE ID: CVE-2011-1565