7-Technologies IGSS < 10.0.0 ODBC Buffer Overflow RCE
Critical Nessus Plugin ID 89031
Synopsis
The remote host contains a SCADA application that is affected by a remote code execution vulnerability.

Description
The 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) application installed on the remote Windows host is a version prior to 10.0.0. It is, therefore, affected by a stack-based buffer overflow condition in the ODBC service due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a crafted packet sent to TCP port 22202, to cause a denial of service or to execute arbitrary code with administrative privileges.

Solution
Upgrade to IGSS version 10.0.0 or later.