Remote Command Execution Vulnerability in Schneider Electric ClearSCADA
CVE-2017-6021

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Clearscada
Vendor: CVE Published:; 14 May 2018

Summary

In Schneider Electric ClearSCADA, an attacker with network access can exploit a vulnerability that allows them to send specially crafted commands and data packets to the ClearSCADA server. This can lead to the termination of the ClearSCADA server process and communications driver processes, potentially disrupting service and causing a denial of operation.

Affected Version(s)

ClearSCADA 2014 R1 (build 75.5210) and prior

ClearSCADA 2014 R1.1 (build 75.5387) and prior

ClearSCADA 2015 R1 (build 76.5648) and prior

References

http://www.securityfocus.com/bid/96768

vdb-entryx_refsource_BID

https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2018
Vulnerability Reserved
Feb 16, 2017