7-Technologies IGSS < 9.0.0.11129 Multiple DoS Vulnerabilities

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a SCADA application that is affected
by multiple denial of service vulnerabilities.

Description :

The installed version of IGSS from 7-Technologies is earlier than
9.0.0.11129 and is, therefore, reportedly affected by several denial
of service vulnerabilities.

Using specially crafted packets to the IGSSdataServer service
listening on TCP port 12401 or the dc.exe service on TCP port 12397,
an unauthenticated, remote attacker can crash the 7T data server,
thereby denying service to legitimate users.

See also :

http://www.7t.dk/igss/igssupdates/v90/progupdatesv90.zip

Solution :

Apply the IGSS Update to upgrade to IGSS version 9.0.0.11129 or
later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 54291 ()

Bugtraq ID: 47864

CVE ID: