U.S. Flag Official website of the Department of Homeland Security
U.S. Department of Homeland Security Seal. ICS-CERT. Industrial Control Systems Cyber Emergency Response Team.
TLP:WHITE

Advisory (ICSA-11-132-01A)

7-Technologies IGSS Denial of Service (Update A)

Original release date: June 06, 2011 | Last revised: November 19, 2013

Legal Notice

All information products included in http://ics-cert.us-cert.gov are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see http://www.us-cert.gov/tlp/.



Overview

ICS-CERT has become aware of multiple denial-of-service (DoS) vulnerabilities in the 7-Technologies  (7T) Interactive Graphical SCADA System (IGSS) supervisory control and data acquisition (SCADA) human-machine interface (HMI) application. All vulnerabilities are remotely exploitable.

7T has developed patches that resolve the reported vulnerabilities in the affected versions.

--------- Begin Update A Part 1 of 3 ----------

ICS-CERT and independent researcher Joel Langill have validated the patches.

--------- End Update A Part 1 of 3 ----------

Affected Products

--------- Begin Update A Part 2 of 3 ----------

The vulnerabilities do not affect 7T IGSS SCADA HMI Version 6.
The vulnerabilities affect 7T IGSS SCADA HMI Version 7 prior to Revision 10033.
The vulnerabilities affect 7T IGSS SCADA HMI Version 8 prior to Revision 11102.
The vulnerabilities affect 7T IGSS SCADA HMI Version 9 prior to Revision 11143.

--------- End Update A Part 2 of 3 ----------

Impact

Successful exploitation of the reported vulnerabilities can allow an attacker to perform a remote DoS attack against the 7T data server. This action can result in adverse application conditions and ultimately impact the production environment on which the SCADA system is used.

Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on the environment, architecture, and product implementation.

Background

7T, based in Denmark, creates monitoring and control systems that are primarily used in the United States, Europe, and South Asia. According to the 7T website, IGSS has been deployed in over 28,000 industrial plants in 50 countries worldwide.

7T IGSS HMI is used to control and monitor programmable logic controllers in industrial processes across multiple sectors including manufacturing, energy (oil and gas), and water.

Vulnerability Characterization

Denial of Service Vulnerability Overview

The DoS vulnerability occurs in the IGSSdataServer service on Port 12401/TCP and in the dc.exe service
on Port 12397/TCP.

Stack-Based Buffer Overflow Vulnerability Details

Exploitability

The DoS vulnerabilities reported can be remotely exploited by sending specially crafted packets to the vulnerable IGSSdataServer service or to the dc.exe service.

Existence of Exploit

Exploit code is publicly available for these vulnerabilities.

Difficulty

These vulnerabilities require moderate skills to exploit.

Mitigation

ICS-CERT recommends that customers of 7T IGSS software take the following mitigation steps:

--------- Begin Update A Part 3 of 3 ----------

Download and run the “IGSS Update” to install the corresponding version patch on the system:

--------- End Update A Part 3 of 3 ----------

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking
defensive measures.

The Control Systems Security Program (CSSP) also provides a section for control system security recommended practices on the CSSP page of the US-CERT website. Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.


Contact Information

For any questions related to this report, please contact the NCCIC at:

Email: NCCICCUSTOMERSERVICE@hq.dhs.gov
Toll Free: 1-888-282-0870

For industrial control systems cybersecurity information:  http://ics-cert.us-cert.gov 
or incident reporting:  https://ics-cert.us-cert.gov/Report-Incident?

The NCCIC continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top