Memory Allocation Vulnerability in Schneider Electric ClearSCADA
CVE-2017-9962

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Clearscada
Vendor: CVE Published:; 26 September 2017

Summary

Schneider Electric's ClearSCADA, specifically versions released before August 2017, is affected by a memory allocation vulnerability. This vulnerability enables attackers to send specially crafted malformed requests to ClearSCADA client applications, leading to unexpected behavior, which could compromise the system’s integrity and reliability. The client applications impacted by this vulnerability include ViewX and the Server Icon.

Affected Version(s)

ClearSCADA 2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions

References

http://www.schneider-electric.com/en/download/document/SE...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 26, 2017
Vulnerability Reserved
Jun 26, 2017