7-Technologies IGSS Denial of Service (Update A)
ICSA： ICS Advisory (ICSA-11-132-01A)
ICS-CERT has become aware of multiple denial-of-service (DoS) vulnerabilities in the 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) supervisory control and data acquisition (SCADA) human-machine interface (HMI) application. All vulnerabilities are remotely exploitable.
7T has developed patches that resolve the reported vulnerabilities in the affected versions.
--------- Begin Update A Part 1 of 3 ----------
ICS-CERT and independent researcher Joel Langill have validated the patches.
--------- End Update A Part 1 of 3 ----------
--------- Begin Update A Part 2 of 3 ----------
The vulnerabilities do not affect 7T IGSS SCADA HMI Version 6.
The vulnerabilities affect 7T IGSS SCADA HMI Version 7 prior to Revision 10033.
The vulnerabilities affect 7T IGSS SCADA HMI Version 8 prior to Revision 11102.
The vulnerabilities affect 7T IGSS SCADA HMI Version 9 prior to Revision 11143.
--------- End Update A Part 2 of 3 ----------
Successful exploitation of the reported vulnerabilities can allow an attacker to perform a remote DoS attack against the 7T data server. This action can result in adverse application conditions and ultimately impact the production environment on which the SCADA system is used.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on the environment, architecture, and product implementation.
7T, based in Denmark, creates monitoring and control systems that are primarily used in the United States, Europe, and South Asia. According to the 7T website, IGSS has been deployed in over 28,000 industrial plants in 50 countries worldwide.
7T IGSS HMI is used to control and monitor programmable logic controllers in industrial processes across multiple sectors including manufacturing, energy (oil and gas), and water.
Denial of Service Vulnerability Overview
The DoS vulnerability occurs in the IGSSdataServer service on Port 12401/TCP and in the dc.exe service
on Port 12397/TCP.
Stack-Based Buffer Overflow Vulnerability Details
The DoS vulnerabilities reported can be remotely exploited by sending specially crafted packets to the vulnerable IGSSdataServer service or to the dc.exe service.
Existence of Exploit
Exploit code is publicly available for these vulnerabilities.
These vulnerabilities require moderate skills to exploit.
ICS-CERT recommends that customers of 7T IGSS software take the following mitigation steps:
--------- Begin Update A Part 3 of 3 ----------
Download and run the “IGSS Update” to install the corresponding version patch on the system:
--------- End Update A Part 3 of 3 ----------
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking
The Control Systems Security Program (CSSP) also provides a section for control system security recommended practices on the CSSP page of the US-CERT website. Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.