CVE-2011-1567

IGSSdataServer.exe <9.00.00.11063 - Buffer Overflow

Exploitation Summary

EIP tracks 5 public exploits for CVE-2011-1567. PoCs were published by Metasploit, Luigi Auriemma, and Lincoln, including the Metasploit module exploits/windows/scada/igss9_igssdataserver_rename.

AI-analyzed exploit summary: This Metasploit module exploits a buffer overflow in 7-Technologies IGSS 9 IGSSdataServer via the 'Rename', 'Delete', or 'Add' commands. It uses an egghunter to locate the payload in memory due to limited stack space.

Description

Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/17374

This Metasploit module exploits a buffer overflow in 7-Technologies IGSS 9 IGSSdataServer via the 'Rename', 'Delete', or 'Add' commands. It uses an egghunter to locate the payload in memory due to limited stack space.

Classification
Working PoC: 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: 7-Technologies IGSS 9 IGSSdataServer
No auth needed
Prerequisites: Network access to IGSSdataServer on port 12401
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/17300

This Metasploit module exploits a stack overflow in 7-Technologies IGSS <= v9.00.00 b11063 via a malformed ListAll command, allowing unauthenticated remote code execution by overwriting a structured exception handling record.

Classification
Working PoC: 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: 7-Technologies IGSS <= v9.00.00 b11063 (igssdataserver.exe)
No auth needed
Prerequisites: Network access to port 12401 · Target running vulnerable IGSS version
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Luigi Auriemma · text · remote · windows
https://www.exploit-db.com/exploits/17024

The exploit demonstrates multiple vulnerabilities in IGSSdataServer.exe, including directory traversal and remote stack overflows via crafted packets sent to port 12401. Proof-of-concept code is provided for downloading, uploading, and executing arbitrary files, as well as triggering buffer overflows.

Classification
Working PoC: 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: IGSS (Interactive Graphical SCADA System) <= 9.00.00.11063
No auth needed
Prerequisites: Network access to port 12401 · IGSS project running
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/igss9_igssdataserver_rename.rb

This Metasploit module exploits a buffer overflow in 7-Technologies IGSS 9 IGSSdataServer via the 'Rename' command, achieving remote code execution through a multi-stage attack involving an egghunter and ROP chain.

Classification
Working PoC: 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: 7-Technologies IGSS 9 IGSSdataServer
No auth needed
Prerequisites: Network access to IGSSdataServer on port 12401 · Vulnerable version of IGSS 9
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by Luigi Auriemma, Lincoln · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/igss9_igssdataserver_listall.rb

This Metasploit module exploits a stack-based buffer overflow in 7-Technologies IGSS IGSSdataServer.exe (CVE-2011-1567) via a malformed ListAll command, allowing unauthenticated remote code execution. It uses ROP chains and an egghunter to bypass DEP and execute arbitrary payloads.

Classification
Working PoC: 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: 7-Technologies IGSS up to version 9.00.00 b11063
No auth needed
Prerequisites: Network access to port 12401 · Target running vulnerable IGSS version
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46936
Exploit x_refsource_misc
http://aluigi.org/adv/igss_2-adv.txt
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43849
Exploit x_refsource_misc
http://aluigi.org/adv/igss_4-adv.txt
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0741
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17024
Exploit x_refsource_misc
http://aluigi.org/adv/igss_5-adv.txt
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8179
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8251
Exploit x_refsource_misc
http://aluigi.org/adv/igss_3-adv.txt
Exploit x_refsource_misc
http://aluigi.org/adv/igss_7-adv.txt

Scores

EPSS: 0.6962
EPSS Percentile: 99.3%

Details

CWE: CWE-119
Status: published
Products (1): 7t/igss
Published: Apr 05, 2011
Tracked Since: Feb 18, 2026