Interactive Graphical SCADA System DLL Loading Arbitrary Code Execution Vulnerability Network Vulnerability

Summary

This host is installed with Interactive Graphical SCADA System and is prone to code execution vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code and conduct DLL hijacking attacks. Impact Level: System/Application

Solution

Apply the patch from below link, http://www.7t.dk/igss/igssupdates/v90/progupdatesv90.zip

Insight

This flaw is due to the application insecurely loading certain libraries from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening a file from a network share.

Affected

7T Interactive Graphical SCADA System (IGSS) versions prior to 9.0.0.11291

References

http://www.securityfocus.com/bid/51438
http://www.us-cert.gov/control_systems/pdf/ICSA-11-353-01.pdf

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4053

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
Adobe Flash Media Server Multiple Remote Security Vulnerabilities
Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)
Adobe Air Multiple Vulnerabilities June-2012 (Mac OS X)

Take action and discover your vulnerabilities