There is a buffer overflow vulnerability in the 7-Technologies (7T) IGSS Data Server application that could allow a remote denial of service (DoS) attack.
ICS-CERT coordinated the issue with 7T, which produced a patch to resolve this vulnerability. The Cyber Defense Institute, Inc., which identified the vulnerability, tested the patch and confirmed it resolves the reported vulnerability.
The product affected is Version 126.96.36.19900 of 7T IGSS Data Server.
Successful exploitation of this vulnerability can allow an attacker to execute a remote DoS against the 7T data server on the targeted host computer, resulting in adverse application conditions.
7T, based in Denmark, creates monitoring and control systems used primarily in the United States, Europe, and South Asia. The 7T IGSS human-machine interface (HMI) controls and monitors programmable logic controllers (PLCs) in industrial processes across multiple sectors including energy, manufacturing, oil and gas, and water, the company said.
An attacker can exploit this vulnerability by sending a specially crafted packet to Port 12401/TCP. A successful exploit will cause a buffer overflow that can result in a remote DoS against the 7T Data Server application on the targeted host. An attacker with a moderate skill level can exploit this vulnerability.
CVE-2011-4050 is the number assigned to the vulnerability.
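A defender-side check for the exposure described above, as an added example that is not part of the original advisory or 7T's software: it scans firewall flow records for connections to Port 12401/TCP that come from outside an allowed subnet. The log format, the sample records and the allowed subnet are constructed assumptions.

```python
import ipaddress

IGSS_DATA_SERVER_PORT = 12401  # TCP port named in the advisory

# Assumption: subnets permitted to reach the data server (hypothetical value).
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed records: "timestamp src_ip src_port dst_ip dst_port proto action"
SAMPLE_LOG = """\
2011-12-01T08:00:01Z 10.20.0.15 49152 10.20.0.5 12401 TCP ALLOW
2011-12-01T08:00:07Z 192.0.2.44 51514 10.20.0.5 12401 TCP ALLOW
2011-12-01T08:00:09Z 10.20.0.15 49153 10.20.0.5 443 TCP ALLOW
2011-12-01T08:01:12Z 198.51.100.7 40000 10.20.0.5 12401 TCP DENY
2011-12-01T08:01:30Z 10.30.1.9 50211 10.20.0.5 12401 UDP ALLOW
malformed line
"""

def parse_record(line):
    """Return a dict for a well-formed record, or None for anything else."""
    fields = line.split()
    if len(fields) != 7:
        return None
    ts, src, _sport, dst, dport, proto, action = fields
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src), "dst": dst,
                "dport": int(dport), "proto": proto.upper(), "action": action.upper()}
    except ValueError:  # bad IP address or non-numeric port
        return None

def unexpected_igss_connections(log_text, allowed=ALLOWED_SOURCES):
    """Return (reached, blocked) records for 12401/TCP from non-allowed sources."""
    reached, blocked = [], []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["proto"] != "TCP" or rec["dport"] != IGSS_DATA_SERVER_PORT:
            continue
        if any(rec["src"] in net for net in allowed):
            continue
        # ALLOW means the packet reached the data server; DENY means it was filtered.
        (reached if rec["action"] == "ALLOW" else blocked).append(rec)
    return reached, blocked

if __name__ == "__main__":
    reached, blocked = unexpected_igss_connections(SAMPLE_LOG)
    for label, recs in (("EXPOSED", reached), ("blocked", blocked)):
        for rec in recs:
            print(f"{label} {rec['ts']} {rec['src']} -> {rec['dst']}:12401/TCP")
```

Records in the "reached" list identify unpatched data servers that are reachable from outside the expected network segment and should be prioritized for the update.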
7T developed a patch to address this vulnerability and has provided the following options to users who want to update their systems:
1. In the IGSSMaster application, select the menu item “Information and Support” and click “Update IGSS Software.” This will automatically download and install the updated module. This is the preferred method for updating the IGSS installation when the host computer has Internet access.
2. Access the update either by using the direct link or this set of instructions.
Instructions: Browse to the 7T IGSS website (www.igss.com). From the “Download” menu select the “Licensed Versions” option. From this page, select the Version 9 “Program updates (General)” to download a ZIP file containing all current updates for IGSS Version 9. Once the ZIP file (progupdatesv90.zip) has downloaded, manually unpack the ZIP file, and copy the entire contents to the \IGSS\ directory within the IGSS installation folder on the end user’s computer.