Details of VAR-201707-1002

ID

VAR-201707-1002

CVE

CVE-2017-9627

TITLE

Schneider Electric Wonderware ArchestrA Logger Denial of service vulnerability

Trust: 0.8

sources: IVD: 0a27e342-dc6f-46ee-a292-27102bc4b964 // CNVD: CNVD-2017-14897

DESCRIPTION

An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service. Schneider Electric Wonderware ArchestrA Logger is a logger for Schneider Electric in Schneider Electric, France. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions

Trust: 2.61

sources: NVD: CVE-2017-9627 // JVNDB: JVNDB-2017-005562 // CNVD: CNVD-2017-14897 // BID: 99488 // IVD: 0a27e342-dc6f-46ee-a292-27102bc4b964

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 0a27e342-dc6f-46ee-a292-27102bc4b964 // CNVD: CNVD-2017-14897

AFFECTED PRODUCTS

vendor:	schneider electric	model:	wonderware archestra logger	scope:	eq	version:	2017.426.2307.1	Trust: 1.9
vendor:	schneider electric	model:	wonderware archestra logger	scope:	lte	version:	2017.426.2307.1	Trust: 0.8
vendor:	schneider electric	model:	wonderware archestra logger	scope:	lte	version:	<=2017.426.2307.1	Trust: 0.6
vendor:	schneider electric	model:	wonderware archestra logger	scope:	ne	version:	2017.517.2328.1	Trust: 0.3
vendor:	wonderware archestra logger	model:	-	scope:	eq	version:	2017.426.2307.1	Trust: 0.2

sources: IVD: 0a27e342-dc6f-46ee-a292-27102bc4b964 // CNVD: CNVD-2017-14897 // BID: 99488 // JVNDB: JVNDB-2017-005562 // CNNVD: CNNVD-201707-333 // NVD: CVE-2017-9627

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9627
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-9627
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-14897
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201707-333
value:	HIGH
Trust: 0.6
IVD:	0a27e342-dc6f-46ee-a292-27102bc4b964
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2017-9627
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-14897
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	0a27e342-dc6f-46ee-a292-27102bc4b964
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-9627
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2017-9627
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 0a27e342-dc6f-46ee-a292-27102bc4b964 // CNVD: CNVD-2017-14897 // JVNDB: JVNDB-2017-005562 // CNNVD: CNNVD-201707-333 // NVD: CVE-2017-9627

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.8

sources: JVNDB: JVNDB-2017-005562 // NVD: CVE-2017-9627

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-333

TYPE

Resource management error

Trust: 0.8

sources: IVD: 0a27e342-dc6f-46ee-a292-27102bc4b964 // CNNVD: CNNVD-201707-333

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005562

PATCH

title:	Wonderware Security Bulletin LFSEC00000116	url:	http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/	Trust: 0.8
title:	Schneider Electric Wonderware ArchestrA Logger Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/98239	Trust: 0.6
title:	Schneider Electric Wonderware ArchestrA Logger Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71563	Trust: 0.6

sources: CNVD: CNVD-2017-14897 // JVNDB: JVNDB-2017-005562 // CNNVD: CNNVD-201707-333

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9627	Trust: 3.5
db:	ICS CERT	id:	ICSA-17-187-04	Trust: 2.7
db:	BID	id:	99488	Trust: 2.5
db:	SECTRACK	id:	1038836	Trust: 1.6
db:	CNVD	id:	CNVD-2017-14897	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-333	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-005562	Trust: 0.8
db:	IVD	id:	0A27E342-DC6F-46EE-A292-27102BC4B964	Trust: 0.2

sources: IVD: 0a27e342-dc6f-46ee-a292-27102bc4b964 // CNVD: CNVD-2017-14897 // BID: 99488 // JVNDB: JVNDB-2017-005562 // CNNVD: CNNVD-201707-333 // NVD: CVE-2017-9627

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-187-04	Trust: 2.7
url:	http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/	Trust: 1.9
url:	http://www.securitytracker.com/id/1038836	Trust: 1.6
url:	http://www.securityfocus.com/bid/99488	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9627	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9627	Trust: 0.8
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3

sources: CNVD: CNVD-2017-14897 // BID: 99488 // JVNDB: JVNDB-2017-005562 // CNNVD: CNNVD-201707-333 // NVD: CVE-2017-9627

CREDITS

Andrey Zhukov of USSC

Trust: 0.3

sources: BID: 99488

SOURCES

db:	IVD	id:	0a27e342-dc6f-46ee-a292-27102bc4b964
db:	CNVD	id:	CNVD-2017-14897
db:	BID	id:	99488
db:	JVNDB	id:	JVNDB-2017-005562
db:	CNNVD	id:	CNNVD-201707-333
db:	NVD	id:	CVE-2017-9627

LAST UPDATE DATE

2025-04-20T23:30:54.947000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-14897	date:	2017-07-18T00:00:00
db:	BID	id:	99488	date:	2017-07-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-005562	date:	2017-08-01T00:00:00
db:	CNNVD	id:	CNNVD-201707-333	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-9627	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	0a27e342-dc6f-46ee-a292-27102bc4b964	date:	2017-07-18T00:00:00
db:	CNVD	id:	CNVD-2017-14897	date:	2017-07-18T00:00:00
db:	BID	id:	99488	date:	2017-07-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-005562	date:	2017-08-01T00:00:00
db:	CNNVD	id:	CNNVD-201707-333	date:	2017-07-10T00:00:00
db:	NVD	id:	CVE-2017-9627	date:	2017-07-07T17:29:00.370