7T Interactive Graphical SCADA System 'dc.exe' Command Injection Vulnerability

Summary
This host is running 7T Interactive Graphical SCADA System and is prone to a remote command execution vulnerability.
Impact
Successful exploitation will allow remote attackers to traverse directories and execute arbitrary commands. Impact Level: Application
Solution
Upgrade to version 9.00.00.11083 or higher. For updates, refer to www.igss.com.
Insight
The flaw is due to dc.exe not properly sanitizing user input, specifically directory traversal sequences (e.g., ../../) supplied via the 0xa and 0x17 opcodes.
Affected
Interactive Graphical SCADA System dc.exe <= 9.00.00.11059
Detection
Send a crafted request via and check whether it is able to execute the command remotely.