Analysis of the 7-Technologies IGSS Security Vulnerabilities for Industrial Control System Professionals
A number of previously unknown security vulnerabilities in the 7-Technologies Interactive Graphics SCADA System (IGSS) product have been publically disclosed. The release of these vulnerabilities included proof-of-concept (PoC) exploit code.
This White Paper summarizes the current known facts about these vulnerabilities. It also summarizes the actions that operators of SCADA and ICS systems can take to protect critical operations.
Attacks using these vulnerabilities could be difficult to detect and prevent. All vulnerabilities expose the core communication application within the IGSS platform used to manage communication between various clients and services.
At a minimum, all but one of the disclosed vulnerabilities can be used to forcefully crash a system server, causing a denial-of-service condition and loss of view. Of more serious concern to the SCADA and industrial control systems (ICS) community is the fact that for two of these vulnerabilities, it is relatively simple to inject malicious code in the targeted host and then remotely execute commands to activate this payload.
Authors:
Eric Byres, CTO, Tofino Security
Joel Langill, CSO, SCADAhacker.com
Important Note:
To download this White Paper you must register to become a member of tofinosecurity.com, the official Tofino Security site for the Tofino Industrial Security Solution. When you do this, your information will be shared with SCADAHacker.com. This is an exception to the regular Privacy Policy for this website.
