This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote host contains a SCADA application that is affected by a
remote code execution vulnerability.
The 7-Technologies / Schneider-Electric Interactive Graphical SCADA
System (IGSS) application installed on the remote Windows host is a
version prior to 22.214.171.12443. It is, therefore, affected by a memory
corruption issue in the ODBC service due to improper sanitization of
user-supplied input. An unauthenticated, remote attacker can exploit
this, via a specially crafted structure in a packet sent to to TCP
port 22202, to cause a stack-based buffer overflow, resulting in the
execution arbitrary code with administrative privileges.
See also :
Upgrade to IGSS version 126.96.36.19943 or later.
Risk factor :
Critical / CVSS Base Score : 10.0