VAR-201709-1079
Vulnerability from variot - Updated: 2023-12-18 13:57Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon. Schneider Electric ClearSCADA Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA has a memory allocation vulnerability that allows an attacker to exploit a vulnerability to submit a special request for a denial of service attack. It is also an important part of telemetry and remote SCADA system solutions. Manage critical infrastructure remotely. A security vulnerability exists in versions of Schneider Electric ClearSCADA prior to August 2017. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "lte",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric clearscada \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2017"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2017"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2010",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9962"
}
]
},
"cve": "CVE-2017-9962",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-9962",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-35027",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-118165",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-9962",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9962",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-35027",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118165",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric\u0027s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon. Schneider Electric ClearSCADA Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA has a memory allocation vulnerability that allows an attacker to exploit a vulnerability to submit a special request for a denial of service attack. It is also an important part of telemetry and remote SCADA system solutions. Manage critical infrastructure remotely. A security vulnerability exists in versions of Schneider Electric ClearSCADA prior to August 2017. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "VULHUB",
"id": "VHN-118165"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9962",
"trust": 3.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2017-264-01",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2017-35027",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "37698",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2DE969E-39AB-11E9-A4AE-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "7AD47499-BDFC-4EBC-ABE2-88ED69C51BAE",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-118165",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"id": "VAR-201709-1079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
}
],
"trust": 2.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
}
]
},
"last_update_date": "2023-12-18T13:57:15.786000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2017-264-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2017-264-01"
},
{
"title": "Schneider Electric ClearSCADA Memory Allocation Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/106694"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.schneider-electric.com/en/download/document/sevd-2017-264-01/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9962"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9962"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/37698"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-23T00:00:00",
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"date": "2017-11-23T00:00:00",
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"date": "2017-11-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"date": "2017-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-118165"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"date": "2017-09-26T01:29:04.037000",
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-118165"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"date": "2018-12-31T14:23:14.183000",
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"date": "2017-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ClearSCADA Memory allocation vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
],
"trust": 1.0
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…