CVE-2011-1565

Sažetak

Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401.

Reference

http://aluigi.org/adv/igss_1-adv.txt
http://secunia.com/advisories/43849
http://securityreason.com/securityalert/8178
http://www.exploit-db.com/exploits/17024
http://www.securityfocus.com/bid/46936
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf
http://www.vupen.com/english/advisories/2011/0741

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

22-09-2011 - 03:30

Objavljeno

05-04-2011 - 15:19