7-Technologies IGSS < DLL Loading Arbitrary Code Execution

high Nessus Plugin ID 59249


The remote Windows host contains a SCADA application that is affected by an insecure DLL loading vulnerability.


The installed version of IGSS from 7-Technologies is earlier than and is, therefore, potentially affected by an insecure DLL loading vulnerability.

Attackers may exploit this issue by placing a specially crafted DLL file and another file associated with the application in a location controlled by the attacker. When the associated file is launched, the attacker's arbitrary code can be executed.


Apply the IGSS Update to upgrade to IGSS version or later.

See Also


Plugin Details

Severity: High

ID: 59249

File Name: scada_igss_9_0_0_11291.nbin

Version: 1.54

Type: local

Agent: windows

Family: SCADA

Published: 5/23/2012

Updated: 7/19/2022

Supported Sensors: Nessus Agent

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

CVSS Score Source: CVE-2011-4053

Vulnerability Information

CPE: cpe:/a:schneider-electric:interactive_graphical_scada_system

Required KB Items: SCADA/Apps/7T/IGSS/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/16/2012

Vulnerability Publication Date: 1/16/2012

Reference Information

CVE: CVE-2011-4053

BID: 51438

ICSA: 11-353-01