CVE-2011-1568

Name of the Vulnerable Software and Affected Versions 7-Technologies Interactive Graphical SCADA System (IGSS) versions 9.00.00.11063 and earlier, 9.00.00.11074

Description The issue is related to a format string vulnerability in the logText function in shmemmgr9.dll, which is part of IGSSdataServer.exe. This vulnerability can be exploited by remote attackers to cause a denial of service and possibly execute arbitrary code. The vulnerability is demonstrated using the RMS Reports Delete command and is related to the logging of messages to GSST.LOG.

Recommendations For versions 9.00.00.11063 and earlier, and 9.00.00.11074, consider disabling the logText function in shmemmgr9.dll as a temporary workaround until a patch is available. Restrict access to the RMS Reports Delete command to minimize the risk of exploitation. Avoid using the logging feature to GSST.LOG until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.