CVE-2020-7554 Interactive Graphical SCADA System
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.
A CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) vulnerability exists that could cause remote code execution when a malicious CGF (Configuration Group File) file is imported into IGSS Definition.
The CVSS Base score of this vulnerability is 7.8 High (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
IGSS Definition (Def.exe) version 188.8.131.5247 and prior
kimiya working with Trend Micro’s Zero Day Initiative
IGSS is a full-featured automation software package: a SCADA system for process control and supervision. It is the very first object-oriented, mouse-operated SCADA system. Very large facilities such as Nature Energy (Europe's largest biogas producer) and E-Co Energi (Norway's second-largest hydropower producer), to name a few, use IGSS. Exploiting this vulnerability can change the configuration database in the control system, which can affect the manufacturing facility very adversely. A public domain exploit is not available.
Virsec Security Platform (VSP) Support
The Virsec Security Platform's VSP-Mem can protect against this vulnerability. In addition, VSP-Host can protect against arbitrary changes to the configuration file.