This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
The remote SCADA service is affected by a directory traversal
The remote service appears to be an instance of IGSS Data Server that
fails to sanitize requests to the 'ReadFile()' function of directory
IGSS (Interactive Graphical SCADA System) is a SCADA system for
process control and supervision developed by 7-Technologies.
Exploitation of this issue allows unauthenticated, remote attackers to
retrieve arbitrary files via the affected service using a specially
crafted request packet.
Note that this install of IGSS is likely affected by several other
serious vulnerabilities, including multiple buffer overflows and
arbitrary command execution, although this plugin has not checked for
See also :
Contact the vendor for a patch.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Public Exploit Available : true