CVE-2017-9962

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Clearscada
Vendor: CVE Published:; 26 September 2017

Summary

Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon.

Affected Version(s)

ClearSCADA 2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions

References

http://www.schneider-electric.com/en/download/document/SE...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 26, 2017
Vulnerability Reserved
Jun 26, 2017