IGSS Data Server Directory Traversal Arbitrary File Access

This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.

Synopsis :

The remote SCADA service is affected by a directory traversal

Description :

The remote service appears to be an instance of IGSS Data Server that
fails to sanitize directory traversal sequences in requests to the
'ReadFile()' function.

IGSS (Interactive Graphical SCADA System) is a SCADA system for
process control and supervision developed by 7-Technologies.
Exploitation of this issue allows unauthenticated, remote attackers to
retrieve arbitrary files via the affected service using a specially
crafted request packet.

Note that this install of IGSS is likely affected by several other
serious vulnerabilities, including multiple buffer overflows and
arbitrary command execution, although this plugin has not checked for

Solution :

Contact the vendor for a patch.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 52962

Bugtraq ID: 46936

CVE ID: CVE-2011-1565
