7-Technologies Interactive Graphical SCADA System contains an overflow condition in the service listening on TCP port 12401. The issue is triggered as unspecified user-supplied input is not properly validated when parsing received packets. With a specially crafted request, a remote attacker can cause a buffer overflow, resulting in a denial of service.

Currently, there are no known workarounds or upgrades to correct this issue. However, 7-Technologies has released a patch to address this vulnerability.

• CVE ID: 2011-4050 (see also: NVD)
• Secunia Advisory ID: 47327
• ISS X-Force ID: 71915
• Metasploit ID: 77976
• Related OSVDB ID: 77977
• Vendor Specific Solution URL: http://www.7t.dk/igss/igssupdates/v90/progupdatesv90.zip
• Other Advisory URL: http://www.us-cert.gov/control_systems/pdf/ICSA-11-335-01.pdf

• UCQ - Cyber Defense Insitute