Virsec Security Research Lab

CVE-2020-7554 Interactive Graphical SCADA System

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.

Vulnerability Summary

A CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) vulnerability exists that could cause Remote Code Execution when a malicious CGF (Configuration Group File) is imported into IGSS Definition.



CVSS Score

The CVSS Base score of this vulnerability is 7.8 High (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Version

IGSS Definition (Def.exe) version and prior

Vulnerability Attribution

kimiya working with Trend Micro’s Zero Day Initiative

Risk Impact

IGSS is a full-featured automation software package: a SCADA system for process control and supervision. It is the very first object-oriented, mouse-operated SCADA system. Very large manufacturing facilities use IGSS, such as Nature Energy (Europe’s largest biogas producer) and E-Co Energi (Norway’s second-largest hydropower producer), to name a few. Exploiting this vulnerability can change the configuration database in the control system, which can affect the manufacturing facility very adversely. A public domain exploit is not available.

Virsec Security Platform (VSP) Support

The Virsec Security Platform (VSP)-Mem can protect against this vulnerability. In addition, VSP-Host can protect against arbitrary changes to the configuration file.

Reference Links

Download the full vulnerability report to learn more about this and other important vulnerabilities.