ICS Advisory

7-Technologies IGSS Denial of Service (Update A)

Last Revised
Alert Code
ICSA-11-132-01A

Overview

ICS-CERT has become aware of multiple denial-of-service (DoS) vulnerabilities in the 7-Technologies  (7T) Interactive Graphical SCADA System (IGSS) supervisory control and data acquisition (SCADA) human-machine interface (HMI) application. All vulnerabilities are remotely exploitable.

7T has developed patches that resolve the reported vulnerabilities in the affected versions.

--------- Begin Update A Part 1 of 3 ----------

ICS-CERT and independent researcher Joel Langill have validated the patches.

--------- End Update A Part 1 of 3 ----------

Affected Products

--------- Begin Update A Part 2 of 3 ----------

The vulnerabilities do not affect 7T IGSS SCADA HMI Version 6.
The vulnerabilities affect 7T IGSS SCADA HMI Version 7 prior to Revision 10033.
The vulnerabilities affect 7T IGSS SCADA HMI Version 8 prior to Revision 11102.
The vulnerabilities affect 7T IGSS SCADA HMI Version 9 prior to Revision 11143.

--------- End Update A Part 2 of 3 ----------

Impact

Successful exploitation of the reported vulnerabilities can allow an attacker to perform a remote DoS attack against the 7T data server. This action can result in adverse application conditions and ultimately impact the production environment on which the SCADA system is used.

Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on the environment, architecture, and product implementation.

Background

7T, based in Denmark, creates monitoring and control systems that are primarily used in the United States, Europe, and South Asia. According to the 7T website, IGSS has been deployed in over 28,000 industrial plants in 50 countries worldwide.

7T IGSS HMI is used to control and monitor programmable logic controllers in industrial processes across multiple sectors including manufacturing, energy (oil and gas), and water.

Vulnerability Characterization

Denial of Service Vulnerability Overview

The DoS vulnerability occurs in the IGSSdataServer service on Port 12401/TCP and in the dc.exe service
on Port 12397/TCP.

Stack-Based Buffer Overflow Vulnerability Details

Exploitability

The DoS vulnerabilities reported can be remotely exploited by sending specially crafted packets to the vulnerable IGSSdataServer service or to the dc.exe service.

Existence of Exploit

Exploit code is publicly available for these vulnerabilities.

Difficulty

These vulnerabilities require moderate skills to exploit.

Mitigation

ICS-CERT recommends that customers of 7T IGSS software take the following mitigation steps:

--------- Begin Update A Part 3 of 3 ----------

Download and run the “IGSS Update” to install the corresponding version patch on the system:

--------- End Update A Part 3 of 3 ----------

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking
defensive measures.

The Control Systems Security Program (CSSP) also provides a section for control system security recommended practices on the CSSP page of the US-CERT website. Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

This product is provided subject to this Notification and this Privacy & Use policy.

Vendor

  • 7-Technologies

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.