7T IGSS Stack Overflow Vulnerability Three


Multiple vulnerabilities have been identified in 7T Interactive Graphical SCADA System (IGSS), which could be exploited by remote attackers to disclose or manipulate data, cause a denial of service or take complete control of a vulnerable system. These issues are caused by input and access validation errors, and buffer overflows in the “IGSSdataServer.exe” and “dc.exe” components when processing malformed data sent to ports 12401/TCP and 12397/TCP, which could be exploited by remote attackers to crash an affected component, download or upload arbitrary files, or execute arbitrary code on a vulnerable system.

IGSSdataServer.exe is a server that listens on port 12401 and is active when the project is started.

Opcode 0x8 handles STDREP requests, and through command 0x4 it is possible to exploit a buffer overflow, because the SQL query is built in a stack buffer of 256 bytes:

0040A4B5 . 8B46 04 MOV EAX,DWORD PTR DS:[ESI+4]
0040A4B8 . 8B48 16 MOV ECX,DWORD PTR DS:[EAX+16]
0040A4BB . 51 PUSH ECX
0040A4BC . 83C0 1A ADD EAX,1A
0040A4BF . 50 PUSH EAX
0040A4C0 . 68 7C984300 PUSH 0043987C ; "UPDATE ReportFormats SET RMSref={%s} WHERE (FormatID=%d)"
0040A4C5 . 8BD7 MOV EDX,EDI
0040A4C7 . 52 PUSH EDX
0040A4C8 . E8 9D620100 CALL 0042076A ; sprintf
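
The disassembly shows an unbounded sprintf into a 256-byte stack buffer. The C below is an added example, not IGSS code: it builds the same query with a length-checked snprintf and rejects oversized or malformed input before formatting. The function names, the 64-character limit and the GUID-style character allowlist for RMSref are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define QUERY_BUF_LEN 256 /* same size as the stack buffer described above */
#define RMSREF_MAX    64  /* assumed upper bound for an RMSref value */

static const char QUERY_FMT[] =
    "UPDATE ReportFormats SET RMSref={%s} WHERE (FormatID=%d)";

/* Assumption: RMSref is a GUID-style token (hex digits and hyphens only). */
static int rmsref_is_valid(const char *s)
{
    size_t i;
    for (i = 0; s[i] != '\0'; i++) {
        if (i >= RMSREF_MAX) return 0;                 /* too long */
        if (!isxdigit((unsigned char)s[i]) && s[i] != '-') return 0;
    }
    return i > 0;                                      /* reject empty input */
}

/* Returns the query length, or -1 if the input is rejected or does not fit.
 * The unsafe equivalent, sprintf(out, QUERY_FMT, rmsref, format_id), writes
 * past the end of out whenever rmsref is longer than the buffer allows. */
int build_stdrep_query(char *out, size_t out_len, const char *rmsref, int format_id)
{
    if (out == NULL || out_len == 0 || rmsref == NULL)
        return -1;
    out[0] = '\0';
    if (!rmsref_is_valid(rmsref))
        return -1;
    int n = snprintf(out, out_len, QUERY_FMT, rmsref, format_id);
    if (n < 0 || (size_t)n >= out_len) {               /* truncated: fail closed */
        out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char query[QUERY_BUF_LEN];
    /* Constructed sample value, not taken from the advisory. */
    int n = build_stdrep_query(query, sizeof query, "0f8fad5b-d9cb-469f-a165-70867728950e", 7);
    printf("%d %s\n", n, query);
    return n > 0 ? 0 : 1;
}
```

Bounding the copy removes the overflow; the allowlist also keeps request data from changing the structure of the SQL statement, which a parameterized query would do more robustly.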

Affected Systems

  • All versions of IGSSdataServer.exe and older


An unauthenticated, remote attacker can exploit a stack overflow vulnerability to create a denial of service condition, execute arbitrary code on affected systems to gain remote control of the system, or cause it to crash.


Digital Bond has not released a Quickdraw IDS Signature for this vulnerability at this time.


  • The reported vulnerability only affects IGSS when it is run without a firewall.
  • A security patch has been released and is available through normal update procedures.
