Virsec Security Research Lab

CVE-2020-7554 Interactive Graphical SCADA System

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.

Vulnerability Summary

A CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) vulnerability exists that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported into IGSS Definition.

CVE-2020-7554


CVSS Score

The CVSS Base score of this vulnerability is 7.8 High (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Version

IGSS Definition (Def.exe) version 14.0.0.20247 and prior

Vulnerability Attribution

kimiya working with Trend Micro’s Zero Day Initiative

Risk Impact

IGSS is full-featured automation software: a SCADA system for process control and supervision. It is the very first object-oriented, mouse-operated SCADA system. Very large manufacturing facilities use IGSS, such as Nature Energy (Europe’s largest biogas producer) and E-Co Energi (Norway’s second-largest hydropower producer), to name a few. Exploiting this vulnerability can change the configuration database in the control system, which can affect the manufacturing facility very adversely. A public domain exploit is not available.

Virsec Security Platform (VSP) Support

The Virsec Security Platform (VSP)-Mem can protect against this vulnerability. In addition, VSP-Host can protect against arbitrary changes to the configuration file.
