CVE-2011-1565

7-Technologies IGSS <9.00.00.11063 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1565. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in IGSSdataServer.exe, including directory traversal and remote stack overflows via crafted packets sent to port 12401. Proof-of-concept code is provided for downloading, uploading, and executing arbitrary files, as well as triggering buffer overflows.

Description

Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401.

Exploits (1)

exploitdb WORKING POC

by Luigi Auriemma · textremotewindows

https://www.exploit-db.com/exploits/17024

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in IGSSdataServer.exe, including directory traversal and remote stack overflows via crafted packets sent to port 12401. Proof-of-concept code is provided for downloading, uploading, and executing arbitrary files, as well as triggering buffer overflows.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IGSS (Interactive Graphical SCADA System) <= 9.00.00.11063

No auth needed

Prerequisites: Network access to port 12401 · IGSS project running

MITRE ATT&CK