CVE-2017-6021

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Clearscada
Vendor: CVE Published:; 14 May 2018

Summary

In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Affected Version(s)

ClearSCADA 2014 R1 (build 75.5210) and prior

ClearSCADA 2014 R1.1 (build 75.5387) and prior

ClearSCADA 2015 R1 (build 76.5648) and prior

References

http://www.securityfocus.com/bid/96768

vdb-entryx_refsource_BID

https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2018
Vulnerability Reserved
Feb 16, 2017