Schneider Electric Interactive Graphical SCADA System dc.exe Unspecified Buffer Overflow

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a SCADA application that is affected
by a buffer overflow vulnerability.

Description :

The installed version of IGSS is 9.x earlier than / 10.x
earlier than It is, therefore, reportedly affected by an
unspecified buffer overflow vulnerability.

By sending specially crafted packets to the dc.exe service on TCP port
12397, an unauthenticated, remote attacker could trigger a buffer
overflow resulting in arbitrary code execution or a denial of service
condition (service crash).

See also :

Solution :

Upgrade to IGSS version / or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 64296 ()

Bugtraq ID: 57449

CVE ID: CVE-2013-0657

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now