Sign-up

ID

VAR-201112-0060


CVE

CVE-2011-4537


TITLE

7-Technologies Interactive Graphical SCADA System Buffer Overflow Vulnerability

Trust: 1.1

sources: IVD: 454a46ac-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5414 // BID: 51157

DESCRIPTION

Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11355 and earlier allow remote attackers to execute arbitrary code or cause a denial of service via a crafted packet to TCP port (1) 12397 or (2) 12399. The 7T Interactive Graphical SCADA System is an automated monitoring and control system. This vulnerability can be triggered by sending more than a specially crafted data message to TCP 12399 or 12397. 7-Technologies Interactive Graphical SCADA System is prone to a buffer-overflow vulnerability. Failed exploit attempts likely result in denial-of-service conditions. 7-Technologies Interactive Graphical SCADA System 9.0.0.11355 and prior versions are vulnerable

Trust: 2.61

sources: NVD: CVE-2011-4537 // JVNDB: JVNDB-2011-003552 // CNVD: CNVD-2011-5414 // BID: 51157 // IVD: 454a46ac-2354-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 454a46ac-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5414

AFFECTED PRODUCTS

vendor:7tmodel:igssscope:lteversion:9.0.0.11355

Trust: 1.0

vendor:7model:interactive graphical scada systemscope:eqversion:8

Trust: 0.9

vendor:7model:interactive graphical scada systemscope:eqversion:9

Trust: 0.9

vendor:7model:interactive graphical scada systemscope:eqversion:9.0.0.11143

Trust: 0.9

vendor:7model:interactive graphical scada systemscope:eqversion:9.0.0.11200

Trust: 0.9

vendor:7model:interactive graphical scada systemscope:eqversion:9.0.0.11355

Trust: 0.9

vendor:7model:interactive graphical scada systemscope:eqversion:7

Trust: 0.9

vendor:7model:interactive graphical scada systemscope:eqversion:9.0.0.11129

Trust: 0.9

vendor:7model:interactive graphical scada systemscope:lteversion:9.0.0.11355

Trust: 0.8

vendor:7tmodel:igssscope:eqversion:9.0.0.11355

Trust: 0.6

vendor:igssmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 454a46ac-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5414 // BID: 51157 // JVNDB: JVNDB-2011-003552 // CNNVD: CNNVD-201112-405 // NVD: CVE-2011-4537

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4537
value: HIGH

Trust: 1.0

NVD: CVE-2011-4537
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201112-405
value: HIGH

Trust: 0.6

IVD: 454a46ac-2354-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2011-4537
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 454a46ac-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 454a46ac-2354-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-003552 // CNNVD: CNNVD-201112-405 // NVD: CVE-2011-4537

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2011-003552 // NVD: CVE-2011-4537

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-405

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 454a46ac-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201112-405

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-003552

PATCH
title:Top Pageurl:http://www.igss.com/index.htm\
Trust: 0.8
title:7-Technologies Interactive Graphical SCADA System Buffer Overflow Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/6431
Trust: 0.6
title:progupdatesv90url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42233
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2011-5414 // 
            
            
            
            JVNDB: JVNDB-2011-003552 // 
            
            
            
            CNNVD: CNNVD-201112-405

EXTERNAL IDS
db:NVDid:CVE-2011-4537
Trust: 3.5
db:ICS CERTid:ICSA-11-355-01
Trust: 3.3
db:OSVDBid:77977
Trust: 1.6
db:BIDid:51157
Trust: 0.9
db:CNVDid:CNVD-2011-5414
Trust: 0.8
db:CNNVDid:CNNVD-201112-405
Trust: 0.8
db:JVNDBid:JVNDB-2011-003552
Trust: 0.8
db:XFid:71931
Trust: 0.6
db:NSFOCUSid:18381
Trust: 0.6
db:IVDid:454A46AC-2354-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 454a46ac-2354-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2011-5414 // 
            
            
            
            BID: 51157 // 
            
            
            
            JVNDB: JVNDB-2011-003552 // 
            
            
            
            CNNVD: CNNVD-201112-405 // 
            
            
            
            NVD: CVE-2011-4537

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-11-355-01-7.pdf
Trust: 3.3
url:http://www.osvdb.org/77977
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/71931
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4537
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4537
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/71931
Trust: 0.6
url:http://www.securityfocus.com/bid/51157
Trust: 0.6
url:http://www.nsfocus.net/vulndb/18381
Trust: 0.6
url:http://www.igss.com/index.htm
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2011-5414 // 
            
            
            
            BID: 51157 // 
            
            
            
            JVNDB: JVNDB-2011-003552 // 
            
            
            
            CNNVD: CNNVD-201112-405 // 
            
            
            
            NVD: CVE-2011-4537

CREDITS
Celil Unuver of SignalSEC LLC
Trust: 0.9
sources:
            
            
            BID: 51157 // 
            
            
            
            CNNVD: CNNVD-201112-405

SOURCES
db:IVDid:454a46ac-2354-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-5414
db:BIDid:51157
db:JVNDBid:JVNDB-2011-003552
db:CNNVDid:CNNVD-201112-405
db:NVDid:CVE-2011-4537

LAST UPDATE DATE
2024-08-14T15:14:13.486000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2011-5414date:2011-12-23T00:00:00
db:BIDid:51157date:2011-12-21T00:00:00
db:JVNDBid:JVNDB-2011-003552date:2011-12-28T00:00:00
db:CNNVDid:CNNVD-201112-405date:2012-01-06T00:00:00
db:NVDid:CVE-2011-4537date:2017-08-29T01:30:30.520

SOURCES RELEASE DATE
db:IVDid:454a46ac-2354-11e6-abef-000c29c66e3ddate:2011-12-23T00:00:00
db:CNVDid:CNVD-2011-5414date:2011-12-23T00:00:00
db:BIDid:51157date:2011-12-21T00:00:00
db:JVNDBid:JVNDB-2011-003552date:2011-12-28T00:00:00
db:CNNVDid:CNNVD-201112-405date:1900-01-01T00:00:00
db:NVDid:CVE-2011-4537date:2011-12-27T04:01:39.890