ICS Advisory (ICSA-11-189-01)

7-Technologies IGSS Remote Memory Corruption

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.



ICS-CERT has become aware of a memory corruption vulnerability that has been coordinated with 7-Technologies (7T) by the VUPEN Vulnerability Research Team. 7T has created a patch that fully resolves this vulnerability. VUPEN has confirmed that the patch resolves the vulnerability.

Affected Products

This vulnerability affects all 7T Interactive Graphical SCADA System (IGSS) versions prior to


Successful exploitation of the reported vulnerabilities can allow an attacker to perform a number of malicious actions including denial of service (DoS) and arbitrary code execution. These actions can result in adverse application conditions and ultimately impact the process environment in which the SCADA system is deployed.

Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on the environment, architecture, and product implementation.


7T, based in Denmark, creates monitoring and control systems that are primarily used in the United States, Europe, and South Asia. According to the 7T website, IGSS has been deployed in over 28,000 industrial plants in 50 countries worldwide.

7T IGSS HMI is used to control and monitor programmable logic controllers in industrial processes across multiple sectors including energy, manufacturing, oil and gas, and water.

Vulnerability Characterization

Vulnerability Overview

The vulnerability is caused by a memory corruption error in the Open Database Connectivity (ODBC) component when processing packets sent to port 20222/TCP, which could result in an invalid structure being used. This can lead to an exploitable condition.

Vulnerability Details


This vulnerability can be remotely exploited by sending specially crafted code to the vulnerable ODBC service. If exploited, this vulnerability could allow the attacker to execute a malicious payload.

Existence of Exploit

No known public exploits specifically target this vulnerability.


These vulnerabilities require advanced skills to exploit.


ICS-CERT recommends that customers of 7T IGSS software take the following mitigation steps:

  • Upgrade to the latest version of IGSS. The latest version is available at: http://www.igss.com/download/licensed-versions.aspx (current users of 7T IGSS can use the “update” feature from within the application).
  • 7T recommends placing the control system behind a properly configured firewall.
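One way to check that the firewall actually restricts the ODBC service on port 20222/TCP is to review firewall or flow logs for connections arriving from outside the control network. The Python below is an added example, not part of the ICS-CERT advisory or 7T's software; the log format, the allowlisted subnet, and all addresses and timestamps are constructed assumptions.

```python
import ipaddress

IGSS_ODBC_PORT = 20222  # TCP port named in the advisory

# Assumption: the only subnet that should reach the IGSS host (constructed).
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample records: time src dst proto dport action
SAMPLE_LOG = """\
2011-07-08T10:00:01 10.20.0.15 10.20.0.5 tcp 20222 ACCEPT
2011-07-08T10:00:07 192.0.2.44 10.20.0.5 tcp 20222 ACCEPT
2011-07-08T10:01:12 198.51.100.9 10.20.0.5 tcp 20222 DROP
2011-07-08T10:02:30 192.0.2.44 10.20.0.5 tcp 443 ACCEPT
2011-07-08T10:03:02 10.30.4.8 10.20.0.5 udp 20222 ACCEPT
malformed line
2011-07-08T10:04:00 10.30.4.8 10.20.0.5 tcp 20222 ACCEPT
"""


def parse_line(line):
    """Return a record dict, or None if the line does not fit the format."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, proto, dport, action = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src), "dst": dst,
                "proto": proto.lower(), "dport": int(dport),
                "action": action.upper()}
    except ValueError:
        return None


def review(log_text):
    """Split non-allowlisted traffic to 20222/TCP into (exposed, blocked)."""
    exposed, blocked = [], []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "tcp" or rec["dport"] != IGSS_ODBC_PORT:
            continue
        if any(rec["src"] in net for net in ALLOWED_SOURCES):
            continue  # expected control-network traffic
        (exposed if rec["action"] == "ACCEPT" else blocked).append(rec)
    return exposed, blocked


if __name__ == "__main__":
    exposed, blocked = review(SAMPLE_LOG)
    for rec in exposed:
        print(f"EXPOSED {rec['ts']} {rec['src']} -> {rec['dst']}:{rec['dport']}")
    print(f"{len(exposed)} accepted, {len(blocked)} dropped from outside the allowlist")
```

Any "EXPOSED" entry means the firewall accepted a connection to the ODBC port from a source outside the allowlist and the rule set should be reviewed.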

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.

The Control Systems Security Program (CSSP) also provides a section for control system security recommended practices on the CSSP web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Contact Information

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

For industrial control systems cybersecurity information:  https://us-cert.cisa.gov/ics 
or incident reporting:  https://us-cert.cisa.gov/report
