Schneider Electric Interactive Graphical SCADA System dc.exe Unspecified Buffer Overflow

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a SCADA application that is affected
by a buffer overflow vulnerability.

Description :

The installed version of IGSS is 9.x earlier than 9.0.0.12331 / 10.x
earlier than 10.0.0.12320. It is, therefore, reportedly affected by an
unspecified buffer overflow vulnerability.

By sending specially crafted packets to the dc.exe service on TCP port
12397, an unauthenticated, remote attacker could trigger a buffer
overflow resulting in arbitrary code execution or a denial of service
condition (service crash).

See also :

http://www.nessus.org/u?ce958287
http://www.nessus.org/u?68089eca

Solution :

Upgrade to IGSS version 9.0.0.12331 / 10.0.0.12320 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 64296 ()

Bugtraq ID: 57449

CVE ID: CVE-2013-0657