ID

VAR-201112-0060


CVE

CVE-2011-4537


TITLE

7-Technologies Interactive Graphical SCADA System Buffer Overflow Vulnerability

Trust: 1.1

sources: IVD: 454a46ac-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5414 // BID: 51157

DESCRIPTION

Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11355 and earlier allow remote attackers to execute arbitrary code or cause a denial of service via a crafted packet to TCP port (1) 12397 or (2) 12399. The 7T Interactive Graphical SCADA System is an automated monitoring and control system. This vulnerability can be triggered by sending more than a specially crafted data message to TCP 12399 or 12397. 7-Technologies Interactive Graphical SCADA System is prone to a buffer-overflow vulnerability. Failed exploit attempts likely result in denial-of-service conditions. 7-Technologies Interactive Graphical SCADA System 9.0.0.11355 and prior versions are vulnerable

Trust: 2.61

sources: NVD: CVE-2011-4537 // JVNDB: JVNDB-2011-003552 // CNVD: CNVD-2011-5414 // BID: 51157 // IVD: 454a46ac-2354-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 454a46ac-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5414

AFFECTED PRODUCTS

vendor:7tmodel:igssscope:lteversion:9.0.0.11355

Trust: 1.0

vendor:7model:interactive graphical scada systemscope:eqversion:8

Trust: 0.9

vendor:7model:interactive graphical scada systemscope:eqversion:9

Trust: 0.9

vendor:7model:interactive graphical scada systemscope:eqversion:9.0.0.11143

Trust: 0.9

vendor:7model:interactive graphical scada systemscope:eqversion:9.0.0.11200

Trust: 0.9

vendor:7model:interactive graphical scada systemscope:eqversion:9.0.0.11355

Trust: 0.9

vendor:7model:interactive graphical scada systemscope:eqversion:7

Trust: 0.9

vendor:7model:interactive graphical scada systemscope:eqversion:9.0.0.11129

Trust: 0.9

vendor:7model:interactive graphical scada systemscope:lteversion:9.0.0.11355

Trust: 0.8

vendor:7tmodel:igssscope:eqversion:9.0.0.11355

Trust: 0.6

vendor:igssmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 454a46ac-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5414 // BID: 51157 // JVNDB: JVNDB-2011-003552 // CNNVD: CNNVD-201112-405 // NVD: CVE-2011-4537

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4537
value: HIGH

Trust: 1.0

NVD: CVE-2011-4537
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201112-405
value: HIGH

Trust: 0.6

IVD: 454a46ac-2354-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2011-4537
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 454a46ac-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 454a46ac-2354-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-003552 // CNNVD: CNNVD-201112-405 // NVD: CVE-2011-4537

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2011-003552 // NVD: CVE-2011-4537

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-405

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 454a46ac-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201112-405

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003552

PATCH

title:Top Pageurl:http://www.igss.com/index.htm\

Trust: 0.8

title:7-Technologies Interactive Graphical SCADA System Buffer Overflow Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/6431

Trust: 0.6

title:progupdatesv90url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42233

Trust: 0.6

sources: CNVD: CNVD-2011-5414 // JVNDB: JVNDB-2011-003552 // CNNVD: CNNVD-201112-405

EXTERNAL IDS

db:NVDid:CVE-2011-4537

Trust: 3.5

db:ICS CERTid:ICSA-11-355-01

Trust: 3.3

db:OSVDBid:77977

Trust: 1.6

db:BIDid:51157

Trust: 0.9

db:CNVDid:CNVD-2011-5414

Trust: 0.8

db:CNNVDid:CNNVD-201112-405

Trust: 0.8

db:JVNDBid:JVNDB-2011-003552

Trust: 0.8

db:XFid:71931

Trust: 0.6

db:NSFOCUSid:18381

Trust: 0.6

db:IVDid:454A46AC-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 454a46ac-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5414 // BID: 51157 // JVNDB: JVNDB-2011-003552 // CNNVD: CNNVD-201112-405 // NVD: CVE-2011-4537

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-11-355-01-7.pdf

Trust: 3.3

url:http://www.osvdb.org/77977

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/71931

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4537

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4537

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/71931

Trust: 0.6

url:http://www.securityfocus.com/bid/51157

Trust: 0.6

url:http://www.nsfocus.net/vulndb/18381

Trust: 0.6

url:http://www.igss.com/index.htm

Trust: 0.3

sources: CNVD: CNVD-2011-5414 // BID: 51157 // JVNDB: JVNDB-2011-003552 // CNNVD: CNNVD-201112-405 // NVD: CVE-2011-4537

CREDITS

Celil Unuver of SignalSEC LLC

Trust: 0.9

sources: BID: 51157 // CNNVD: CNNVD-201112-405

SOURCES

db:IVDid:454a46ac-2354-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-5414
db:BIDid:51157
db:JVNDBid:JVNDB-2011-003552
db:CNNVDid:CNNVD-201112-405
db:NVDid:CVE-2011-4537

LAST UPDATE DATE

2024-08-14T15:14:13.486000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-5414date:2011-12-23T00:00:00
db:BIDid:51157date:2011-12-21T00:00:00
db:JVNDBid:JVNDB-2011-003552date:2011-12-28T00:00:00
db:CNNVDid:CNNVD-201112-405date:2012-01-06T00:00:00
db:NVDid:CVE-2011-4537date:2017-08-29T01:30:30.520

SOURCES RELEASE DATE

db:IVDid:454a46ac-2354-11e6-abef-000c29c66e3ddate:2011-12-23T00:00:00
db:CNVDid:CNVD-2011-5414date:2011-12-23T00:00:00
db:BIDid:51157date:2011-12-21T00:00:00
db:JVNDBid:JVNDB-2011-003552date:2011-12-28T00:00:00
db:CNNVDid:CNNVD-201112-405date:1900-01-01T00:00:00
db:NVDid:CVE-2011-4537date:2011-12-27T04:01:39.890