CVE-2020-7554: Interactive Graphical SCADA System

Virsec Security Research Lab Vulnerability Report

The Virsec Security Research Lab, helmed by Virsec CTO, Satya Gupta, provides timely, relevant analysis about prevalent security vulnerabilities.

1.1        Vulnerability Summary

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

Watch the video to learn more about this and other important vulnerabilities.

1.2        CVSS Score

The CVSS Base score of this vulnerability is 7.8 High (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

1.3        Affected Version

IGSS Definition (Def.exe) version 14.0.0.20247 and prior

1.4        Vulnerability Attribution

kimiya working with Trend Micro’s Zero Day Initiative

1.5        Risk Impact

IGSS is a full featured automation software – a SCADA system for process control and supervision. It is the very first object oriented, mouse operated SCADA system. Very large manufacturing facilities such as Nature Energy (Europe’s largest BioGas producer, E-Co Energi, Norway’s second largest hydropower producer to name a few) use IGSS. This vulnerability can change the configuration database in the control system and that can affect the manufacturing facility very adversely. A public domain exploit is not available.

1.6        Virsec Security Platform (VSP) Support:

The Virsec Security Platform (VSP)- Mem can protect against this vulnerability. In addition, VSP-Host can protect against arbitrary changes to the configuration file.

1.7        Reference Links:

Download the full vulnerability report to learn more about this and other important vulnerabilities.

The post CVE-2020-7554: Interactive Graphical SCADA System appeared first on Virsec Systems.


*** This is a Security Bloggers Network syndicated blog from Blog – Virsec Systems authored by Satya Gupta. Read the original post at: https://virsec.com/cve-2020-7554-interactive-graphical-scada-system/