Details of VAR-201112-0148

ID

VAR-201112-0148

CVE

CVE-2011-4050

TITLE

7-Technologies Interactive Graphical SCADA System Data Server Remote Denial Of Service Vulnerability

Trust: 1.1

sources: IVD: 4524b694-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5415 // BID: 51146

DESCRIPTION

Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via a crafted packet to TCP port 12401. The 7T Interactive Graphical SCADA System is an automated monitoring and control system. Attackers can exploit this issue to crash the application, denying service to legitimate users. 7-Technologies Interactive Graphical SCADA System 9.0.0.11200 is affected; other versions may also be vulnerable. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: 7-Technologies Interactive Graphical SCADA System Data Server Denial of Service SECUNIA ADVISORY ID: SA47327 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47327/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47327 RELEASE DATE: 2011-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/47327/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47327/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47327 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in 7-Technologies Interactive Graphical SCADA System, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is reported in version 9.0.0.11200. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits UCQ, Cyber Defense Institute, Inc. ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-335-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.7

sources: NVD: CVE-2011-4050 // JVNDB: JVNDB-2011-003551 // CNVD: CNVD-2011-5415 // BID: 51146 // IVD: 4524b694-2354-11e6-abef-000c29c66e3d // PACKETSTORM: 108088

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 4524b694-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5415

AFFECTED PRODUCTS

vendor:	7	model:	interactive graphical scada system	scope:	eq	version:	9.0.0.11200	Trust: 1.7
vendor:	7t	model:	igss	scope:	eq	version:	9.0.0.11200	Trust: 1.6
vendor:	igss	model:	-	scope:	eq	version:	9.0.0.11200	Trust: 0.2

sources: IVD: 4524b694-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5415 // BID: 51146 // JVNDB: JVNDB-2011-003551 // CNNVD: CNNVD-201112-402 // NVD: CVE-2011-4050

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4050
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-4050
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201112-402
value:	MEDIUM
Trust: 0.6
IVD:	4524b694-2354-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2011-4050
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	4524b694-2354-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 4524b694-2354-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-003551 // CNNVD: CNNVD-201112-402 // NVD: CVE-2011-4050

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2011-003551 // NVD: CVE-2011-4050

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-402

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 4524b694-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201112-402

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003551

PATCH

title:	Top Page	url:	http://www.igss.com/index.htm\	Trust: 0.8
title:	7-Technologies Interactive Graphical SCADA System Data Server Remote Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/6433	Trust: 0.6

sources: CNVD: CNVD-2011-5415 // JVNDB: JVNDB-2011-003551

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4050	Trust: 3.5
db:	ICS CERT	id:	ICSA-11-335-01	Trust: 3.4
db:	OSVDB	id:	77976	Trust: 1.6
db:	CNVD	id:	CNVD-2011-5415	Trust: 0.8
db:	CNNVD	id:	CNNVD-201112-402	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-003551	Trust: 0.8
db:	SECUNIA	id:	47327	Trust: 0.8
db:	NSFOCUS	id:	18382	Trust: 0.6
db:	XF	id:	71915	Trust: 0.6
db:	BID	id:	51146	Trust: 0.3
db:	IVD	id:	4524B694-2354-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	108088	Trust: 0.1

sources: IVD: 4524b694-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5415 // BID: 51146 // JVNDB: JVNDB-2011-003551 // PACKETSTORM: 108088 // CNNVD: CNNVD-201112-402 // NVD: CVE-2011-4050

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-335-01.pdf	Trust: 2.8
url:	http://www.osvdb.org/77976	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/71915	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4050	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4050	Trust: 0.8
url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-335-01.pdfhttp	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/71915	Trust: 0.6
url:	http://secunia.com/advisories/47327	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/18382	Trust: 0.6
url:	http://www.igss.com/index.htm	Trust: 0.3
url:	http://secunia.com/company/jobs/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=47327	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/47327/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/47327/#comments	Trust: 0.1

sources: CNVD: CNVD-2011-5415 // BID: 51146 // JVNDB: JVNDB-2011-003551 // PACKETSTORM: 108088 // CNNVD: CNNVD-201112-402 // NVD: CVE-2011-4050

CREDITS

Celil Unuver UCQ

Trust: 0.6

sources: CNNVD: CNNVD-201112-402

SOURCES

db:	IVD	id:	4524b694-2354-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-5415
db:	BID	id:	51146
db:	JVNDB	id:	JVNDB-2011-003551
db:	PACKETSTORM	id:	108088
db:	CNNVD	id:	CNNVD-201112-402
db:	NVD	id:	CVE-2011-4050

LAST UPDATE DATE

2025-04-11T23:10:00.241000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-5415	date:	2011-12-23T00:00:00
db:	BID	id:	51146	date:	2011-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2011-003551	date:	2011-12-28T00:00:00
db:	CNNVD	id:	CNNVD-201112-402	date:	2012-01-06T00:00:00
db:	NVD	id:	CVE-2011-4050	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	4524b694-2354-11e6-abef-000c29c66e3d	date:	2011-12-23T00:00:00
db:	CNVD	id:	CNVD-2011-5415	date:	2011-12-23T00:00:00
db:	BID	id:	51146	date:	2011-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2011-003551	date:	2011-12-28T00:00:00
db:	PACKETSTORM	id:	108088	date:	2011-12-22T11:31:45
db:	CNNVD	id:	CNNVD-201112-402	date:	2011-12-23T00:00:00
db:	NVD	id:	CVE-2011-4050	date:	2011-12-27T04:01:39.607