Sign-up

ID

VAR-201709-1079


CVE

CVE-2017-9962


TITLE

Schneider Electric ClearSCADA Memory allocation vulnerability

Trust: 1.0

sources: IVD: e2de969e-39ab-11e9-a4ae-000c29342cb1 // IVD: 7ad47499-bdfc-4ebc-abe2-88ed69c51bae // CNVD: CNVD-2017-35027

DESCRIPTION

Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon. Schneider Electric ClearSCADA Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA has a memory allocation vulnerability that allows an attacker to exploit a vulnerability to submit a special request for a denial of service attack. It is also an important part of telemetry and remote SCADA system solutions. Manage critical infrastructure remotely. A security vulnerability exists in versions of Schneider Electric ClearSCADA prior to August 2017. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 2.61

sources: NVD: CVE-2017-9962 // JVNDB: JVNDB-2017-008557 // CNVD: CNVD-2017-35027 // IVD: e2de969e-39ab-11e9-a4ae-000c29342cb1 // IVD: 7ad47499-bdfc-4ebc-abe2-88ed69c51bae // VULHUB: VHN-118165

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: e2de969e-39ab-11e9-a4ae-000c29342cb1 // IVD: 7ad47499-bdfc-4ebc-abe2-88ed69c51bae // CNVD: CNVD-2017-35027

AFFECTED PRODUCTS

vendor:avevamodel:clearscadascope:lteversion:2010

Trust: 1.0

vendor:schneider electricmodel:clearscadascope: - version: -

Trust: 0.8

vendor:schneidermodel:electric clearscada <augustscope:eqversion:2017

Trust: 0.6

vendor:avevamodel:clearscadascope:eqversion:2010

Trust: 0.6

vendor:schneider electricmodel:clearscadascope:eqversion:2017

Trust: 0.6

vendor:clearscadamodel: - scope:eqversion:*

Trust: 0.4

sources: IVD: e2de969e-39ab-11e9-a4ae-000c29342cb1 // IVD: 7ad47499-bdfc-4ebc-abe2-88ed69c51bae // CNVD: CNVD-2017-35027 // JVNDB: JVNDB-2017-008557 // CNNVD: CNNVD-201706-1086 // NVD: CVE-2017-9962

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9962
value: HIGH

Trust: 1.0

NVD: CVE-2017-9962
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-35027
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201706-1086
value: MEDIUM

Trust: 0.6

IVD: e2de969e-39ab-11e9-a4ae-000c29342cb1
value: MEDIUM

Trust: 0.2

IVD: 7ad47499-bdfc-4ebc-abe2-88ed69c51bae
value: MEDIUM

Trust: 0.2

VULHUB: VHN-118165
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-9962
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-35027
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2de969e-39ab-11e9-a4ae-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7ad47499-bdfc-4ebc-abe2-88ed69c51bae
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-118165
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9962
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: e2de969e-39ab-11e9-a4ae-000c29342cb1 // IVD: 7ad47499-bdfc-4ebc-abe2-88ed69c51bae // CNVD: CNVD-2017-35027 // VULHUB: VHN-118165 // JVNDB: JVNDB-2017-008557 // CNNVD: CNNVD-201706-1086 // NVD: CVE-2017-9962

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-118165 // JVNDB: JVNDB-2017-008557 // NVD: CVE-2017-9962

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1086

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: e2de969e-39ab-11e9-a4ae-000c29342cb1 // IVD: 7ad47499-bdfc-4ebc-abe2-88ed69c51bae // CNNVD: CNNVD-201706-1086

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008557

PATCH
title:SEVD-2017-264-01url:http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-264-01
Trust: 0.8
title:Schneider Electric ClearSCADA Memory Allocation Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/106694
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-35027 // 
            
            
            
            JVNDB: JVNDB-2017-008557

EXTERNAL IDS
db:NVDid:CVE-2017-9962
Trust: 3.5
db:SCHNEIDERid:SEVD-2017-264-01
Trust: 1.7
db:CNNVDid:CNNVD-201706-1086
Trust: 1.1
db:CNVDid:CNVD-2017-35027
Trust: 1.0
db:JVNDBid:JVNDB-2017-008557
Trust: 0.8
db:NSFOCUSid:37698
Trust: 0.6
db:IVDid:E2DE969E-39AB-11E9-A4AE-000C29342CB1
Trust: 0.2
db:IVDid:7AD47499-BDFC-4EBC-ABE2-88ED69C51BAE
Trust: 0.2
db:VULHUBid:VHN-118165
Trust: 0.1
sources:
            
            
            IVD: e2de969e-39ab-11e9-a4ae-000c29342cb1 // 
            
            
            
            IVD: 7ad47499-bdfc-4ebc-abe2-88ed69c51bae // 
            
            
            
            CNVD: CNVD-2017-35027 // 
            
            
            
            VULHUB: VHN-118165 // 
            
            
            
            JVNDB: JVNDB-2017-008557 // 
            
            
            
            CNNVD: CNNVD-201706-1086 // 
            
            
            
            NVD: CVE-2017-9962

REFERENCES
url:http://www.schneider-electric.com/en/download/document/sevd-2017-264-01/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2017-9962
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9962
Trust: 0.8
url:http://www.nsfocus.net/vulndb/37698
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-35027 // 
            
            
            
            VULHUB: VHN-118165 // 
            
            
            
            JVNDB: JVNDB-2017-008557 // 
            
            
            
            CNNVD: CNNVD-201706-1086 // 
            
            
            
            NVD: CVE-2017-9962

SOURCES
db:IVDid:e2de969e-39ab-11e9-a4ae-000c29342cb1
db:IVDid:7ad47499-bdfc-4ebc-abe2-88ed69c51bae
db:CNVDid:CNVD-2017-35027
db:VULHUBid:VHN-118165
db:JVNDBid:JVNDB-2017-008557
db:CNNVDid:CNNVD-201706-1086
db:NVDid:CVE-2017-9962

LAST UPDATE DATE
2025-04-20T23:22:11.216000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-35027date:2017-11-23T00:00:00
db:VULHUBid:VHN-118165date:2018-12-31T00:00:00
db:JVNDBid:JVNDB-2017-008557date:2017-10-23T00:00:00
db:CNNVDid:CNNVD-201706-1086date:2017-09-30T00:00:00
db:NVDid:CVE-2017-9962date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:IVDid:e2de969e-39ab-11e9-a4ae-000c29342cb1date:2017-11-23T00:00:00
db:IVDid:7ad47499-bdfc-4ebc-abe2-88ed69c51baedate:2017-11-23T00:00:00
db:CNVDid:CNVD-2017-35027date:2017-11-23T00:00:00
db:VULHUBid:VHN-118165date:2017-09-26T00:00:00
db:JVNDBid:JVNDB-2017-008557date:2017-10-23T00:00:00
db:CNNVDid:CNNVD-201706-1086date:2017-06-27T00:00:00
db:NVDid:CVE-2017-9962date:2017-09-26T01:29:04.037