Schneider Electric Interactive Graphical SCADA System dc.exe Unspecified Buffer Overflow

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a SCADA application that is affected
by a buffer overflow vulnerability.

Description :

The installed version of IGSS is 9.x earlier than / 10.x
earlier than It is, therefore, reportedly affected by an
unspecified buffer overflow vulnerability.

By sending specially crafted packets to the dc.exe service on TCP port
12397, an unauthenticated, remote attacker could trigger a buffer
overflow resulting in arbitrary code execution or a denial of service
condition (service crash).

See also :

Solution :

Upgrade to IGSS version / or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 64296 ()

Bugtraq ID: 57449

CVE ID: CVE-2013-0657

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial