OTPulse

7-Technologies Data Server Denial of Service

Act Now · ICS-CERT ICSA-11-335-01 · Sep 3, 2011
Summary

A buffer overflow or memory corruption vulnerability in 7-Technologies IGSS Data Server version 9.0.0.11200 allows remote attackers to crash the service without authentication. The vulnerability is classified under CWE-119 (improper restriction of operations within the bounds of a memory buffer). No vendor patch is available for this version.

What this means
What could happen
An attacker could crash the IGSS Data Server, stopping the collection and distribution of real-time data to SCADA monitoring and control systems, which could leave operators without visibility of plant conditions.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using 7-Technologies IGSS (Integrated Graphical SCADA System) Data Server for real-time process monitoring and control data distribution. Any organization relying on IGSS Data Server version 9.0.0.11200 for supervisory control or data acquisition is affected.
How it could be exploited
An attacker with network access to the IGSS Data Server (typically port 12401 or similar) could send a specially crafted message that triggers a buffer overflow or memory corruption, causing the service to crash and deny service to all connected clients including HMI workstations and control logic that rely on the data stream.
Prerequisites
  • Network access to IGSS Data Server on its listening port
  • No authentication credentials required
Tags: remotely exploitable · no authentication required · low complexity · high EPSS score (77.3%) · no patch available · affects data availability
Exploitability
High exploit probability (EPSS 77.3%)
Affected products (1)
Product | Affected Versions | Fix Status
7T IGSS Data Server: 9.0.0.11200 | 9.0.0.11200 | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Isolate IGSS Data Server on a dedicated network segment or VLAN, restrict inbound network access to only authorized engineering workstations and control systems that require real-time data
  • HARDENING: Deploy a firewall rule or network access control list to block unexpected connections to the Data Server port
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor IGSS Data Server process for unexpected crashes or restarts and configure automated alerting
Long-term hardening
  • HOTFIX: Evaluate upgrade options to a newer version of IGSS or alternative data server software that includes patches for buffer overflow vulnerabilities
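
One way to implement the crash and restart monitoring recommended above, as an added example that is not part of the advisory or of any 7-Technologies tooling. It assumes the Data Server listens on TCP 12401 (the port the advisory gives as typical); the failure threshold, polling interval, `alert` hook and all function and class names are hypothetical.

```python
import socket
import time

DATA_SERVER_PORT = 12401  # port the advisory gives as typical; confirm on your install

def probe(host, port=DATA_SERVER_PORT, timeout=2.0):
    """True if the Data Server accepts a TCP connection; no payload is sent."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

class OutageDetector:
    """Debounced state machine: DOWN after N straight failures, RESTORED on recovery."""
    def __init__(self, fail_threshold=3):  # threshold is an assumed default
        self.fail_threshold = fail_threshold
        self.failures, self.first_fail, self.down = 0, None, False

    def update(self, ts, reachable):
        """Feed one probe result; return (kind, time, seconds_unreachable) or None."""
        if reachable:
            event = ("RESTORED", ts, ts - self.first_fail) if self.down else None
            self.failures, self.first_fail, self.down = 0, None, False
            return event
        if self.failures == 0:
            self.first_fail = ts  # remember when the outage actually began
        self.failures += 1
        if not self.down and self.failures >= self.fail_threshold:
            self.down = True  # alert once per outage, not once per failed probe
            return ("DOWN", ts, ts - self.first_fail)
        return None

def detect_events(samples, fail_threshold=3):
    """Replay (timestamp, reachable) samples and list the events they produce."""
    det = OutageDetector(fail_threshold)
    return [e for e in (det.update(ts, ok) for ts, ok in samples) if e]

def watch(host, interval=10.0, alert=print):
    """Poll forever; `alert` is a hypothetical hook (syslog, e-mail, SIEM)."""
    det = OutageDetector()
    while True:
        event = det.update(time.time(), probe(host))
        if event:
            alert(event)
        time.sleep(interval)

# Constructed sample: one missed probe at t=10, then an outage from t=30 to t=70.
SAMPLE = [(0, True), (10, False), (20, True), (30, False), (40, False), (50, False), (60, False), (70, True)]
```

Run `watch()` from a host that the firewall rules already permit to reach the Data Server, so the probe itself does not become an unexpected connection. Repeated DOWN/RESTORED pairs in a short window indicate a crash and restart loop.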