ICS-CERT: 7-Technologies IGSS Data Server Vulnerability

Wednesday, December 21, 2011


ICS-CERT has publicly released an advisory (ICSA-11-335-01) for the 7-Technologies (7T) IGSS Data Server application.

The 7T IGSS human-machine interface (HMI) monitors and operates programmable logic controllers (PLCs) for industrial processes across numerous sectors including energy, manufacturing, oil and gas, and water. IGSS is reported to be deployed in over 28,000 industrial plants in 50 countries.

"This vulnerability can be exploited by sending a specially crafted packet to Port 12401/TCP. A successful exploit will cause a buffer overflow that can result in a remote DoS against the 7T Data Server application on the targeted host," the advisory explains.

A security researcher from the Cyber Defense Institute first identified the buffer overflow vulnerability in the application. Version 9.0.0.11200 of 7T IGSS Data Server is specifically affected.

"Successful exploitation of this vulnerability can allow an attacker to execute a remote denial of service (DoS) against the 7T data server on the targeted host computer, resulting in adverse application conditions. Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation," the advisory states.

The vulnerability was originally announced on December 01, 2011 in the US-CERT secure portal, but not publicly released until a software update to remedy the problem had been issued.

"ICS-CERT has coordinated with 7T, which has produced a patch to resolve this vulnerability. The Cyber Defense Institute, Inc. has tested the patch and confirmed that it resolves the reported vulnerability," ICS-CERT stated.

Mitigation:

7T has developed a patch to address this vulnerability and has provided the following options to customers who wish to update their systems:

1. In the IGSS Master application, select the menu item “Information and Support” and click “Update IGSS Software.” This will automatically download and install the updated module. This is the preferred method for updating the IGSS installation when the host computer has Internet access.

2. Download the update manually, either from the direct link or by following the instructions below.

Direct link: http://www.7t.dk/igss/igssupdates/v90/progupdatesv90.zip

Instructions: Browse to the 7T IGSS website (www.igss.com). From the “Download” menu select the “Licensed Versions” option. From this page, select the Version 9 “Program updates (General)” to download a ZIP file containing all current updates for IGSS Version 9. Once the ZIP file (progupdatesv90.zip) has downloaded, manually unpack it and copy the entire contents to the \IGSS\ directory within the IGSS installation folder on the end user’s computer.
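The manual route in step 2 amounts to unpacking an archive fetched over plain HTTP straight into the IGSS installation folder, so it is worth applying with a routine that refuses archive entries which would land outside that folder and records exactly which files were replaced. The script below is an added example, not 7T's updater or anything from the ICS-CERT advisory. It assumes the update ZIP contains only files destined for the \IGSS\ directory; the archive it builds in make_sample_zip() is constructed for the demonstration (the file names inside it are placeholders, not the real update contents), and the "tampered" variant shows what happens when an entry tries to escape the target directory.

```python
"""Safely unpack an IGSS program-update ZIP into the IGSS folder.

Added example, not 7T's or ICS-CERT's code. It mirrors step 2 of the
mitigation (unpack progupdatesv90.zip and copy its contents into the
\\IGSS\\ directory) but validates every archive entry before writing
anything, refuses entries that would escape the target folder, and
returns the list of files it wrote so the change can be reviewed.
"""
import os
import zipfile
from pathlib import Path


def safe_members(zf, dest):
    """Yield (member, target_path) for entries that stay inside dest.

    Raises ValueError on absolute paths, drive letters, or '..' traversal.
    """
    dest = Path(dest).resolve()
    for member in zf.infolist():
        name = member.filename
        if name.startswith(("/", "\\")) or os.path.splitdrive(name)[0]:
            raise ValueError(f"refusing absolute entry: {name!r}")
        target = (dest / name).resolve()
        # A traversal entry such as '../x' resolves outside dest.
        if target != dest and dest not in target.parents:
            raise ValueError(f"refusing entry outside target dir: {name!r}")
        yield member, target


def apply_update(zip_path, igss_dir):
    """Extract zip_path into igss_dir; return the sorted relative paths written.

    All entries are checked first, so a bad archive writes nothing at all.
    """
    dest = Path(igss_dir)
    dest.mkdir(parents=True, exist_ok=True)
    dest = dest.resolve()
    written = []
    with zipfile.ZipFile(zip_path) as zf:
        plan = list(safe_members(zf, dest))  # validate before any write
        for member, target in plan:
            if member.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(member) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target.relative_to(dest).as_posix())
    return sorted(written)


def make_sample_zip(path, traversal=False):
    """Build a constructed stand-in for progupdatesv90.zip (placeholder names).

    With traversal=True one entry tries to escape the target folder, the way
    an archive altered in transit over plain HTTP could.
    """
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("Readme.txt", "constructed sample update\n")
        zf.writestr("Updated/sample.dll", b"\x00" * 16)  # placeholder bytes
        if traversal:
            zf.writestr("../outside.txt", "should never be written\n")


def run_demo():
    """Apply a clean and a tampered archive in a scratch dir; report results."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "progupdatesv90.zip")
        make_sample_zip(good)
        written = apply_update(good, os.path.join(tmp, "IGSS"))

        bad = os.path.join(tmp, "tampered.zip")
        make_sample_zip(bad, traversal=True)
        try:
            apply_update(bad, os.path.join(tmp, "IGSS2"))
            blocked = False
        except ValueError:
            blocked = True
        leaked = os.path.exists(os.path.join(tmp, "outside.txt"))
        partial = os.path.exists(os.path.join(tmp, "IGSS2", "Readme.txt"))
    return written, blocked, leaked, partial


if __name__ == "__main__":
    print(run_demo())
```

Run it against the real archive as apply_update("progupdatesv90.zip", r"C:\path\to\IGSS") (the path is yours to fill in); keep the returned list with the change record so the files replaced on the data server host can be verified afterwards.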

The full ICS-CERT advisory (ICSA-11-335-01) can be found here:

Source: http://www.us-cert.gov/control_systems/pdf/ICSA-11-335-01.pdf
