IGSS Data Server Directory Traversal Arbitrary File Access

Medium severity, Nessus Plugin ID 52962

Synopsis

The remote SCADA service is affected by a directory traversal vulnerability.

Description

The remote service appears to be an instance of IGSS Data Server that fails to sanitize directory traversal sequences in requests to the 'ReadFile()' function.

IGSS (Interactive Graphical SCADA System) is a SCADA system for process control and supervision developed by 7-Technologies.
Exploitation of this issue allows unauthenticated, remote attackers to retrieve arbitrary files via the affected service using a specially crafted request packet.

Note that this install of IGSS is likely affected by several other serious vulnerabilities, including multiple buffer overflows and arbitrary command execution, although this plugin has not checked for them.

Solution

Contact the vendor for a patch.

See Also

http://aluigi.altervista.org/adv/igss_1-adv.txt

https://seclists.org/bugtraq/2011/Mar/187

Plugin Details

Severity: Medium

ID: 52962

File Name: scada_igss_dir_traversal.nbin

Version: 1.62

Type: remote

Family: SCADA

Published: 3/24/2011

Updated: 2/14/2022

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.8

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:F/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:schneider-electric:interactive_graphical_scada_system

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/25/2011

Vulnerability Publication Date: 3/21/2011

Exploitable With

Metasploit (7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities)

Reference Information

CVE: CVE-2011-1565

BID: 46936

EDB-ID: 17024

ICS-ALERT: 11-080-03