PT-2011-3224 · 7 Technologies · Igss

Published: 2011-04-05 · Updated: 2011-09-22 · CVE-2011-1567

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

7-Technologies Interactive Graphical SCADA System (IGSS) version 9.00.00.11063 and earlier

Description

The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted commands. The affected commands include ListAll, Write File, ReadFile, Delete, RenameFile, and FileInfo in an 0xd opcode, as well as Add, ReadFile, Write File, Rename, Delete, and Add commands in an RMS report templates (0x7) opcode, and the 0x4 command in an STDREP request (0x8) opcode to TCP port 12401.

Recommendations

For 7-Technologies Interactive Graphical SCADA System (IGSS) version 9.00.00.11063 and earlier, consider restricting access to the IGSSdataServer.exe service to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the affected commands in opcodes 0xd, 0x7, and 0x8 to prevent potential crashes or code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2011-1567

Affected Products

Igss