7T Interactive Graphical SCADA System dc.exe Directory Traversal

Added: 06/03/2011
CVE: CVE-2011-1566
BID: 46936
OSVDB: 72349

Background

7-Technologies Interactive Graphical SCADA System (IGSS) is a Supervisory Control and Data Acquisition (SCADA) solution used mainly in Denmark and the US.

Problem

An input validation error in the Data Collector service (dc.exe) can be exploited to execute any program on the system. The error occurs when the service processes certain commands, and it is triggered by a specially crafted packet containing directory traversal specifiers sent to the Data Collector service port, TCP port 12397.

Resolution

Upgrade to dc.exe version 9.00.00.11083 or higher. Control system devices and networks should not be directly connected to the Internet. Those that are should be placed behind firewalls and isolated from business networks.

References

http://secunia.com/advisories/43849/
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf

Limitations

Exploit works on 7-Technologies IGSS 9.0.

This exploit makes use of another 7-Technologies IGSS vulnerability (CVE-2011-1565), this one in the Data Server service (TCP port 12401), to upload an executable file to the target system.
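
The Resolution and the note above give a defender two things to verify: the dc.exe build, and which hosts can reach TCP ports 12397 and 12401. The following Python is an added example, not part of the original advisory; the allowlisted subnet, the flow-record format and the 300-second correlation window are assumptions, and the sample records are constructed.

```python
import ipaddress

DC_PORT = 12397                    # Data Collector (dc.exe), from the advisory
DS_PORT = 12401                    # Data Server (CVE-2011-1565), from the advisory
FIXED_DC_VERSION = "9.00.00.11083"  # first fixed dc.exe build, from the advisory

# Assumption: only this control-network subnet may reach the IGSS services.
ALLOWED = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed flow records, one per line: "epoch src dst dport"
SAMPLE_FLOWS = """\
1000 10.20.0.15 10.20.0.5 12397
1010 192.168.7.44 10.20.0.5 12401
1025 192.168.7.44 10.20.0.5 12397
1030 192.168.9.2 10.20.0.5 443
2000 172.16.3.9 10.20.0.5 12397
"""

def is_patched(version, fixed=FIXED_DC_VERSION):
    """Compare dotted versions numerically, so '9.0.0.11084' > '9.00.00.11083'."""
    def as_tuple(v):
        return tuple(int(part) for part in v.split("."))
    return as_tuple(version) >= as_tuple(fixed)

def review_flows(text, window=300):
    """Flag non-allowlisted sources reaching the IGSS ports.

    'exposure': an outside host reached either service.
    'chain': the same host reached the Data Server and then the Data
    Collector within `window` seconds, the order the advisory describes.
    """
    alerts = []
    last_ds = {}  # (src, dst) -> time of last Data Server connection
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        ts, src, dst, dport = int(parts[0]), parts[1], parts[2], int(parts[3])
        if dport not in (DC_PORT, DS_PORT):
            continue
        if any(ipaddress.ip_address(src) in net for net in ALLOWED):
            continue
        severity = "exposure"
        if dport == DS_PORT:
            last_ds[(src, dst)] = ts
        elif (src, dst) in last_ds and ts - last_ds[(src, dst)] <= window:
            severity = "chain"
        alerts.append((severity, src, dst, dport))
    return alerts
```

Any alert means the isolation recommended in the Resolution is not in effect for that host; a "chain" alert on an unpatched dc.exe warrants immediate investigation of the target.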

Platforms

Windows
