PT-2011-3223 · 7 Technologies · Dc.Exe+1
Luigi Auriemma · Published 2011-04-05 · Updated 2012-05-12 · CVE-2011-1566
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
7-Technologies Interactive Graphical SCADA System (IGSS) versions 9.00.00.11059 and earlier
Description
A directory traversal vulnerability in dc.exe allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 sent to TCP port 12397.
Recommendations
For versions 9.00.00.11059 and earlier, as a temporary workaround, consider restricting access to TCP port 12397 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Path traversal
Affected Products
Igss
Dc.Exe