7T IGSS Stack Overflow Vulnerability Three

Vulnerability

Multiple vulnerabilities have been identified in 7T Interactive Graphical SCADA System (IGSS), which could be exploited by remote attackers to disclose or manipulate data, cause a denial of service or take complete control of a vulnerable system. These issues are caused by input and access validation errors, and buffer overflows in the “IGSSdataServer.exe” and “dc.exe” components when processing malformed data sent to ports 12401/TCP and 12397/TCP, which could be exploited by remote attackers to crash an affected component, download or upload arbitrary files, or execute arbitrary code on a vulnerable system.

IGSSdataServer.exe is a server listening on 12401/TCP that becomes active once a project is started.

Opcode 0x8 handles STDREP requests, and through command 0x4 it is possible to trigger a stack buffer overflow: the handler builds a SQL query with sprintf into a 256-byte stack buffer, with the attacker-supplied string at offset 0x1A of the request expanded into the %s and the DWORD at offset 0x16 into the %d, and no check that the result fits:

0040A4B5 . 8B46 04 MOV EAX,DWORD PTR DS:[ESI+4]
0040A4B8 . 8B48 16 MOV ECX,DWORD PTR DS:[EAX+16]
0040A4BB . 51 PUSH ECX
0040A4BC . 83C0 1A ADD EAX,1A
0040A4BF . 50 PUSH EAX
0040A4C0 . 68 7C984300 PUSH 0043987C ; “UPDATE ReportFormats SET RMSref={%s} WHERE (FormatID=%d)”
0040A4C5 . 8BD7 MOV EDX,EDI
0040A4C7 . 52 PUSH EDX
0040A4C8 . E8 9D620100 CALL 0042076A ; sprintf
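The same handler as it would look in source, with a bounded rewrite beside it. This is an added example written for this page, not IGSS code. The request layout (FormatID DWORD at +0x16, RMSref string at +0x1A) and the 256-byte buffer follow the disassembly above; placing the opcode and command bytes at offsets 0 and 1 of the header, the function names, and the packet builder used to construct sample requests are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout from the disassembly: FormatID at +0x16, RMSref string at +0x1A.
 * Opcode at byte 0 and command at byte 1 of the header are an assumption
 * made for this example; the page does not give their positions. */
#define STDREP_OPCODE   0x08
#define STDREP_CMD      0x04
#define OFF_OPCODE      0x00
#define OFF_CMD         0x01
#define OFF_FORMAT_ID   0x16
#define OFF_RMSREF      0x1A
#define QUERY_BUF_SIZE  256   /* size of the stack buffer the original sprintf writes into */

static const char QUERY_FMT[] =
    "UPDATE ReportFormats SET RMSref={%s} WHERE (FormatID=%d)";

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Build a constructed STDREP command 0x4 request (sample input for the demo).
 * Returns the packet length, or 0 if it does not fit in cap bytes. */
size_t make_stdrep_packet(uint8_t *pkt, size_t cap, uint32_t format_id, const char *rmsref)
{
    size_t slen = strlen(rmsref);
    size_t need = OFF_RMSREF + slen + 1;
    if (need > cap) return 0;
    memset(pkt, 0, OFF_RMSREF);
    pkt[OFF_OPCODE] = STDREP_OPCODE;
    pkt[OFF_CMD] = STDREP_CMD;
    pkt[OFF_FORMAT_ID + 0] = (uint8_t)(format_id);
    pkt[OFF_FORMAT_ID + 1] = (uint8_t)(format_id >> 8);
    pkt[OFF_FORMAT_ID + 2] = (uint8_t)(format_id >> 16);
    pkt[OFF_FORMAT_ID + 3] = (uint8_t)(format_id >> 24);
    memcpy(pkt + OFF_RMSREF, rmsref, slen + 1);
    return need;
}

/* Number of bytes (excluding the NUL) that sprintf would emit for this request,
 * or 0 if the packet is too short or its string is not NUL-terminated inside it.
 * Any value >= QUERY_BUF_SIZE overflows the original 256-byte stack buffer. */
size_t stdrep_query_len(const uint8_t *pkt, size_t len)
{
    if (len <= OFF_RMSREF) return 0;
    const char *s = (const char *)pkt + OFF_RMSREF;
    if (memchr(s, '\0', len - OFF_RMSREF) == NULL) return 0;
    int n = snprintf(NULL, 0, QUERY_FMT, s, (int)read_le32(pkt + OFF_FORMAT_ID));
    return n < 0 ? 0 : (size_t)n;
}

/* Vulnerable shape of the original handler: the request string is expanded by
 * sprintf into a fixed stack buffer with no length check. Kept for contrast
 * only; it is never called with an oversized string in this program. */
void build_query_unsafe(char *query /* QUERY_BUF_SIZE bytes */, const uint8_t *pkt)
{
    sprintf(query, QUERY_FMT, (const char *)pkt + OFF_RMSREF,
            (int)read_le32(pkt + OFF_FORMAT_ID));
}

/* Hardened handler: check the packet bounds, require the string to be
 * NUL-terminated inside the packet, and refuse any request whose query would
 * not fit. Returns 0 on success, -1 for a malformed packet, -2 if too long. */
int build_query_safe(char *query, size_t query_sz, const uint8_t *pkt, size_t len)
{
    if (len <= OFF_RMSREF) return -1;
    if (pkt[OFF_OPCODE] != STDREP_OPCODE || pkt[OFF_CMD] != STDREP_CMD) return -1;
    const char *s = (const char *)pkt + OFF_RMSREF;
    if (memchr(s, '\0', len - OFF_RMSREF) == NULL) return -1;
    int n = snprintf(query, query_sz, QUERY_FMT, s, (int)read_le32(pkt + OFF_FORMAT_ID));
    if (n < 0 || (size_t)n >= query_sz) {
        query[0] = '\0';   /* never hand a truncated statement to the database */
        return -2;
    }
    return 0;
}

int main(void)
{
    uint8_t pkt[512];
    char query[QUERY_BUF_SIZE];
    char big[301];
    memset(big, 'A', 300);
    big[300] = '\0';

    size_t n = make_stdrep_packet(pkt, sizeof pkt, 7, "Monthly");
    int rc = build_query_safe(query, sizeof query, pkt, n);
    printf("benign:   rc=%d query=%s\n", rc, query);

    n = make_stdrep_packet(pkt, sizeof pkt, 7, big);
    rc = build_query_safe(query, sizeof query, pkt, n);
    printf("overlong: sprintf would write %zu bytes into a %d-byte buffer; rc=%d\n",
           stdrep_query_len(pkt, n), QUERY_BUF_SIZE, rc);
    return 0;
}
```

The fixed part of the format string is 52 bytes, so with a one-digit FormatID a string of about 200 bytes is already enough to run past the 256-byte buffer; `stdrep_query_len` reports exactly how far a given request would write. Bounding the write fixes the memory-safety bug only; the string still lands in SQL text verbatim, so a real handler should pass it to the database as a bound parameter rather than by string formatting.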

Affected Systems

  • IGSSdataServer.exe version 9.00.00.11063 and older

Impact

An unauthenticated, remote attacker who can reach 12401/TCP can exploit the stack overflow to crash IGSSdataServer.exe (denial of service) or to execute arbitrary code and gain remote control of the affected system.

Detection

Digital Bond has not released a Quickdraw IDS Signature for this vulnerability at this time.

Remediation

- The reported vulnerability is only exploitable when 12401/TCP is reachable by the attacker, i.e. when IGSS is run without a firewall; restrict access to this port to trusted hosts.
- A security patch has been released and is available through the normal update procedures.

External Links

ICS-ALERT-11-080-03 MULTIPLE VULNERABILITIES IN 7-TECHNOLOGIES IGSS