CVE-2011-1568

7-Technologies IGSS <9.00.00.11074 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1568. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in IGSSdataServer.exe, including directory traversal and remote stack overflows via crafted packets sent to port 12401. Proof-of-concept code is provided for downloading, uploading, and executing arbitrary files, as well as triggering buffer overflows.

Description

Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC

by Luigi Auriemma · textremotewindows

https://www.exploit-db.com/exploits/17024

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in IGSSdataServer.exe, including directory traversal and remote stack overflows via crafted packets sent to port 12401. Proof-of-concept code is provided for downloading, uploading, and executing arbitrary files, as well as triggering buffer overflows.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IGSS (Interactive Graphical SCADA System) <= 9.00.00.11063

No auth needed

Prerequisites: Network access to port 12401 · IGSS project running

MITRE ATT&CK