7-Technologies IGSS Remote Memory Corruption
All information products included in http://ics-cert.us-cert.gov are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see http://www.us-cert.gov/tlp/.
ICS-CERT has become aware of a memory corruption vulnerability that has been coordinated with 7-Technologies (7T) by the VUPEN Vulnerability Research Team. 7T has created a patch that fully resolves this vulnerability. VUPEN has confirmed that the patch resolves the vulnerability.
7T has created a patch that fully resolves this vulnerability. VUPEN has confirmed that the patch resolves the vulnerability.
This vulnerability affects all 7T Interactive Graphical SCADA System (IGSS) versions prior to 22.214.171.12443.
Successful exploitation of the reported vulnerabilities can allow an attacker to perform a number of malicious actions including denial of service (DoS) and arbitrary code execution. These actions can result in adverse application conditions and ultimately impact the process environment in which the SCADA system is deployed.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on the environment, architecture, and product implementation.
7T, based in Denmark, creates monitoring and control systems that are primarily used in the United States, Europe, and South Asia. According to the 7T website, IGSS has been deployed in over 28,000 industrial plants in 50 countries worldwide.
7T IGSS HMI is used to control and monitor programmable logic controllers in industrial processes across multiple sectors including energy, manufacturing, oil and gas, and water.
The vulnerability is caused by a memory corruption error in the Open Database Connectivity (ODBC) component when processing packets sent to port 20222/TCP, which could result in an invalid structure being used. This can lead to an exploitable condition.
This vulnerability can be remotely exploited by sending specially crafted code to the vulnerable ODBC service. If exploited, this vulnerability could allow the attacker to execute a malicious payload.
Existence of Exploit
No known public exploits specifically target this vulnerability.
These vulnerabilities require advanced skills to exploit.
ICS-CERT recommends that customers of 7T IGSS software take the following mitigation steps:
- Upgrade to the latest version of IGSS. The latest version is available at: http://www.igss.com/download/licensed-versions.aspx (current users of 7T IGSS can use the “update” feature from within the application).
- 7T recommends placing the control system behind a properly configured firewall.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.
The Control Systems Security Program (CSSP) also provides a section for control system security recommended practices on the CSSP web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
For any questions related to this report, please contact the NCCIC at:
Toll Free: 1-888-282-0870
The NCCIC continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.