OTPulse

7-Technologies IGSS ODBC Remote Stack Overflow

Act Now | CVSS 9.8 | ICS-CERT ICSA-11-119-01 | Jan 30, 2011
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

7-Technologies IGSS versions 9 and earlier contain a stack buffer overflow vulnerability in the ODBC interface. An attacker can send a malformed ODBC packet over the network to trigger the overflow and execute arbitrary code with the privileges of the IGSS service. This affects the data server component that processes database queries from HMI clients and external systems.

What this means
What could happen
An attacker could remotely execute arbitrary code on the IGSS server with full system privileges, potentially allowing manipulation of the SCADA process setpoints, sensor readings, or complete shutdown of the industrial control system.
Who's at risk
Water utilities and municipal electric systems using 7-Technologies IGSS (Integrated Graphics SCADA System) for supervisory control and data monitoring. This affects any organization that relies on IGSS version 9 or earlier for real-time control of pumps, generators, substations, or treatment processes.
How it could be exploited
An attacker sends a specially crafted ODBC request over the network to port 1234 (IGSS ODBC service). The malformed input overflows a stack buffer in the ODBC handler, overwriting the return address and allowing the attacker to execute arbitrary code in the context of the IGSS service.
Prerequisites
  • Network access to IGSS ODBC service (default port 1234)
  • IGSS version 9 or earlier installed and running
Remotely exploitable without authentication | Low complexity attack | High EPSS score (12.3%) | No patch available | Affects supervisory control systems | Default ODBC port exposed
Exploitability
High exploit probability (EPSS 12.3%)
Affected products (1)
Product | Affected Versions | Fix Status
7T IGSS: <=9 | ≤ 9 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate affected IGSS systems from direct network access using network segmentation or air-gapping if the system is critical and cannot be replaced
WORKAROUND: Implement firewall rules to restrict inbound connections to the IGSS ODBC service (port 1234) to only authorized engineering workstations and redundant systems
WORKAROUND: Disable ODBC remote access if local-only connectivity is sufficient for your process
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor network traffic to the IGSS server for suspicious ODBC connection attempts and implement intrusion detection rules for malformed ODBC packets
Mitigations - no patch available
7T IGSS: <=9 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Plan replacement or upgrade of IGSS systems to a supported version; consider modern SCADA platforms with active security updates
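
One way to check the firewall workaround and the connection-monitoring item above against exported flow records. This is an added example, not part of the advisory or of any vendor tooling; the server address, the allowlist and the five-field log format are assumptions, and the sample records are constructed. It audits who reaches port 1234, not packet contents.

```python
import ipaddress
from collections import Counter

IGSS_ODBC_PORT = 1234  # default IGSS ODBC service port named in the advisory
# Assumed placeholders: replace with the real server and authorized hosts.
IGSS_SERVER = ipaddress.ip_address("10.10.5.20")
AUTHORIZED = [ipaddress.ip_network(n) for n in ("10.10.5.31/32", "10.10.5.32/32", "10.10.6.0/29")]

# Constructed sample flow records (assumed format): time,src,dst,dst_port,action
SAMPLE_LOG = """\
2024-01-01T08:00:01Z,10.10.5.31,10.10.5.20,1234,ALLOW
2024-01-01T08:02:10Z,10.10.6.3,10.10.5.20,1234,ALLOW
2024-01-01T08:05:44Z,192.0.2.77,10.10.5.20,1234,DENY
2024-01-01T08:05:45Z,192.0.2.77,10.10.5.20,1234,DENY
2024-01-01T08:09:12Z,10.10.7.15,10.10.5.20,1234,ALLOW
2024-01-01T08:10:00Z,10.10.7.15,10.10.5.20,443,ALLOW
garbled line
"""

def parse(line):
    """Return (time, src, dst, port, action), or None for a malformed record."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 5:
        return None
    try:
        return (parts[0], ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]), parts[4].upper())
    except ValueError:
        return None

def audit(log_text):
    """Report ODBC-port traffic to the IGSS server from non-allowlisted sources."""
    findings, attempts, skipped = [], Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec is None:
            skipped += 1  # count unparseable records instead of hiding them
            continue
        ts, src, dst, port, action = rec
        if dst != IGSS_SERVER or port != IGSS_ODBC_PORT or any(src in n for n in AUTHORIZED):
            continue  # other service, or an authorized workstation
        attempts[str(src)] += 1
        # ALLOW from an unlisted source is a rule gap; DENY is a blocked attempt.
        severity = "firewall-gap" if action == "ALLOW" else "blocked-attempt"
        findings.append((ts, str(src), severity))
    return findings, dict(attempts), skipped
```

A "firewall-gap" finding means the allowlist rule is not being enforced for that source and should be fixed first; repeated "blocked-attempt" entries from one address are the suspicious connection attempts the monitoring item refers to.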