OTPulse
FeedAboutContact

7-Technologies IGSS 8 ODBC Server Remote Heap Corruption

Act Now9.8ICS-CERT ICSA-11-018-02Oct 21, 2011
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

7-Technologies IGSS 8|9 ODBC Server contains a heap corruption vulnerability (CWE-241) in its network packet handling. An attacker can send malformed packets to the ODBC server to trigger heap corruption and achieve remote code execution. Affected versions are IGSS 8 and IGSS 9. The vendor has not released a patch for this vulnerability.

What this means
What could happen
An attacker could send specially crafted packets to the IGSS ODBC server to corrupt heap memory, allowing remote code execution on the historian or data logging system that supports your SCADA operations.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using IGSS 8 or 9 as a historian or data logging system should prioritize this vulnerability. Any facility relying on IGSS for operational data collection, trending, or long-term event logging is at risk.
How it could be exploited
An attacker on the network sends a malformed packet to the ODBC server port on the IGSS 8|9 system. The packet triggers a heap corruption vulnerability that allows the attacker to execute arbitrary code with the privileges of the IGSS service, potentially gaining control of data logging and historian functions critical to plant monitoring.
Prerequisites
  • Network access to IGSS ODBC server port
  • IGSS 8|9 installation exposed to untrusted network
  • No authentication required
Remotely exploitableNo authentication requiredLow complexityNo patch availableHigh EPSS score (13%)
Exploitability
High exploit probability (EPSS 13.0%)
Affected products (1)
ProductAffected VersionsFix Status
IGSS: 8|98|9No fix yet
Remediation & Mitigation
0/4
Do now
0/3
HARDENINGImplement network segmentation: restrict access to IGSS ODBC server port from engineering workstations and servers only; deny access from untrusted networks or the internet
WORKAROUNDDeploy host-based firewall rules to allow only required connections to the IGSS ODBC server
WORKAROUNDDisable ODBC remote access if not operationally required
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor network traffic to the ODBC server for suspicious packet patterns and unusual connection attempts
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/28649eb2-43ee-40cf-ac73-9b32561af573
7-Technologies IGSS 8 ODBC Server Remote Heap Corruption | CVSS 9.8 - OTPulse