CVE-2011-1565

Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://aluigi.org/adv/igss_1-adv.txt	Exploit
http://secunia.com/advisories/43849	Vendor Advisory
http://securityreason.com/securityalert/8178
http://www.exploit-db.com/exploits/17024	Exploit
http://www.securityfocus.com/bid/46936	Exploit
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf	US Government Resource
http://www.vupen.com/english/advisories/2011/0741	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:7t:igss:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-04-05 15:19

Updated : 2023-12-10 11:03

NVD link : CVE-2011-1565

Mitre link : CVE-2011-1565

CVE.ORG link : CVE-2011-1565

JSON object : View

Products Affected

7t

igss

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2011-1565", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-04-05T15:19:35.993", "references": [{"url": "http://aluigi.org/adv/igss_1-adv.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/43849", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/8178", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/17024", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/46936", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0741", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\\ (dot dot backslash) sequences to TCP port 12401."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en en IGSSdataServer.exe v9.00.00.11063 y anteriores en 7-Technologies Interactive Graphical SCADA System (IGSS) permite a atacantes remotos (1) lectura (c\u00f3digo de operaci\u00f3n 0x3) o (2) crear o escribir (c\u00f3digo de operaci\u00f3n 0x2) archivos de su elecci\u00f3n a trav\u00e9s de secuencias . . \\ (punto punto barra invertida) en el puerto TCP 12401."}], "lastModified": "2011-09-22T03:30:30.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:7t:igss:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16809388-2F66-409B-ACA0-6F662C940C5A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}