VAR-201105-0286
Vulnerability from variot - Updated: 2023-12-18 12:45Unspecified vulnerability in the Open Database Connectivity (ODBC) component in 7T Interactive Graphical SCADA System (IGSS) before 9.0.0.11143 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 20222, which triggers memory corruption related to an "invalid structure being used.". The 7T Interactive Graphical SCADA System is an automated monitoring and control system. Using an illegal structure can result in an exploitable condition that can successfully execute arbitrary code in the application context. Successfully exploiting this issue will completely compromise an affected computer. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Interactive Graphical SCADA System 9.0.0.11143 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201105-0286",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "igss",
"scope": "eq",
"trust": 1.6,
"vendor": "7t",
"version": "9"
},
{
"model": "igss",
"scope": "eq",
"trust": 1.6,
"vendor": "7t",
"version": "8"
},
{
"model": "igss",
"scope": "lte",
"trust": 1.0,
"vendor": "7t",
"version": "9.0.0.11129"
},
{
"model": "interactive graphical scada system",
"scope": "eq",
"trust": 0.9,
"vendor": "7",
"version": "8"
},
{
"model": "interactive graphical scada system",
"scope": "eq",
"trust": 0.9,
"vendor": "7",
"version": "9"
},
{
"model": "interactive graphical scada system",
"scope": "eq",
"trust": 0.9,
"vendor": "7",
"version": "9.0.0.11129"
},
{
"model": "interactive graphical scada system",
"scope": "lt",
"trust": 0.8,
"vendor": "7",
"version": "9.0.0.11143"
},
{
"model": "igss",
"scope": "eq",
"trust": 0.6,
"vendor": "7t",
"version": "9.0.0.11129"
},
{
"model": "interactive graphical scada system",
"scope": "eq",
"trust": 0.3,
"vendor": "7",
"version": "0"
},
{
"model": "interactive graphical scada system",
"scope": "ne",
"trust": 0.3,
"vendor": "7",
"version": "9.0.0.11143"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "igss",
"version": "8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "igss",
"version": "9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "igss",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "8bd5a710-1f94-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1968"
},
{
"db": "BID",
"id": "47960"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004675"
},
{
"db": "NVD",
"id": "CVE-2011-2214"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-300"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:7t:igss:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:7t:igss:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:7t:igss:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.0.11129",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2214"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastien Renaud of VUPEN Security",
"sources": [
{
"db": "BID",
"id": "47960"
}
],
"trust": 0.3
},
"cve": "CVE-2011-2214",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-2214",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "8bd5a710-1f94-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-2214",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201105-300",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "8bd5a710-1f94-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8bd5a710-1f94-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004675"
},
{
"db": "NVD",
"id": "CVE-2011-2214"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-300"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the Open Database Connectivity (ODBC) component in 7T Interactive Graphical SCADA System (IGSS) before 9.0.0.11143 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 20222, which triggers memory corruption related to an \"invalid structure being used.\". The 7T Interactive Graphical SCADA System is an automated monitoring and control system. Using an illegal structure can result in an exploitable condition that can successfully execute arbitrary code in the application context. Successfully exploiting this issue will completely compromise an affected computer. Failed exploit attempts will result in a denial-of-service condition. \nVersions prior to Interactive Graphical SCADA System 9.0.0.11143 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2214"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004675"
},
{
"db": "CNVD",
"id": "CNVD-2011-1968"
},
{
"db": "BID",
"id": "47960"
},
{
"db": "IVD",
"id": "8bd5a710-1f94-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-2214",
"trust": 2.9
},
{
"db": "BID",
"id": "47960",
"trust": 2.5
},
{
"db": "SREASON",
"id": "8265",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2011-1968",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201105-300",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004675",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20110524 VUPEN SECURITY RESEARCH - 7T INTERACTIVE GRAPHICAL SCADA SYSTEM (IGSS) REMOTE MEMORY CORRUPTION",
"trust": 0.6
},
{
"db": "IVD",
"id": "8BD5A710-1F94-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8bd5a710-1f94-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1968"
},
{
"db": "BID",
"id": "47960"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004675"
},
{
"db": "NVD",
"id": "CVE-2011-2214"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-300"
}
]
},
"id": "VAR-201105-0286",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8bd5a710-1f94-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1968"
}
],
"trust": 1.46741073
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8bd5a710-1f94-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1968"
}
]
},
"last_update_date": "2023-12-18T12:45:53.251000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.igss.com/index.htm"
},
{
"title": "7T Interactive Graphical SCADA System System ODBC Message Remote Memory Corruption Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/3936"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-1968"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004675"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2214"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/47960"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8265"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/518110/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2214"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2214"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/518110"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/518110/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.igss.com/"
},
{
"trust": 0.3,
"url": "/archive/1/518110"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-1968"
},
{
"db": "BID",
"id": "47960"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004675"
},
{
"db": "NVD",
"id": "CVE-2011-2214"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-300"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8bd5a710-1f94-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1968"
},
{
"db": "BID",
"id": "47960"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004675"
},
{
"db": "NVD",
"id": "CVE-2011-2214"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-300"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-25T00:00:00",
"db": "IVD",
"id": "8bd5a710-1f94-11e6-abef-000c29c66e3d"
},
{
"date": "2011-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1968"
},
{
"date": "2011-05-24T00:00:00",
"db": "BID",
"id": "47960"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004675"
},
{
"date": "2011-05-31T20:55:05.297000",
"db": "NVD",
"id": "CVE-2011-2214"
},
{
"date": "2011-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-300"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-1968"
},
{
"date": "2015-04-13T21:01:00",
"db": "BID",
"id": "47960"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004675"
},
{
"date": "2018-10-09T19:32:18.353000",
"db": "NVD",
"id": "CVE-2011-2214"
},
{
"date": "2011-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-300"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201105-300"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "7T Interactive Graphical SCADA System system ODBC Message Remote Memory Corruption Vulnerability",
"sources": [
{
"db": "IVD",
"id": "8bd5a710-1f94-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-1968"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201105-300"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…