Details of VAR-201104-0317

ID

VAR-201104-0317

TITLE

7T Interactive Graphical SCADA System ODBC Service Remote Stack Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2011-1633

DESCRIPTION

The 7T Interactive Graphical SCADA System is an automated monitoring and control system. The IGSS ODBC service component listens to the TCP 20222 port by default. The application layer protocol runs on TCP and reads the initialization message that specifies the subsequent follow-up data volume. The second time the location and data copied to the variable length buffer are read, and the next data parsing can trigger a buffer overflow. An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 0.99

sources: CNVD: CNVD-2011-1633 // BID: 47597 // IVD: d0f6d574-1f96-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: d0f6d574-1f96-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1633

AFFECTED PRODUCTS

vendor:	7	model:	interactive graphical scada system	scope:	-	version:	-	Trust: 0.6
vendor:	7	model:	interactive graphical scada system	scope:	eq	version:	0	Trust: 0.3
vendor:	7	model:	interactive graphical scada system	scope:	eq	version:	*	Trust: 0.2

sources: IVD: d0f6d574-1f96-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1633 // BID: 47597

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD:	d0f6d574-1f96-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

IVD:	d0f6d574-1f96-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0 [IVD]
Trust: 0.2

sources: IVD: d0f6d574-1f96-11e6-abef-000c29c66e3d

THREAT TYPE

network

Trust: 0.3

sources: BID: 47597

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 47597

PATCH

title:

7T Interactive Graphical SCADA System ODBC Service Remote Stack Buffer Overflow Vulnerability Patch

url:

https://www.cnvd.org.cn/patchinfo/show/3692

Trust: 0.6

sources: CNVD: CNVD-2011-1633

EXTERNAL IDS

db:	BID	id:	47597	Trust: 0.9
db:	CNVD	id:	CNVD-2011-1633	Trust: 0.8
db:	IVD	id:	D0F6D574-1F96-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: d0f6d574-1f96-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1633 // BID: 47597

REFERENCES

url:	http://www.insomniasec.com/advisories/isva-110427.1.htm	Trust: 0.9
url:	http://www.igss.com/	Trust: 0.3

sources: CNVD: CNVD-2011-1633 // BID: 47597

CREDITS

James Burton, Insomnia Security

Trust: 0.3

sources: BID: 47597

SOURCES

db:	IVD	id:	d0f6d574-1f96-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-1633
db:	BID	id:	47597

LAST UPDATE DATE

2022-05-17T02:00:11.917000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-1633	date:	2011-04-28T00:00:00
db:	BID	id:	47597	date:	2011-04-27T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	d0f6d574-1f96-11e6-abef-000c29c66e3d	date:	2011-04-28T00:00:00
db:	CNVD	id:	CNVD-2011-1633	date:	2011-04-28T00:00:00
db:	BID	id:	47597	date:	2011-04-27T00:00:00