Details of VAR-201805-0210

ID

VAR-201805-0210

CVE

CVE-2017-6021

TITLE

Schneider Electric ClearSCADA Denial of service vulnerability

Trust: 0.8

sources: IVD: 02487795-6c68-4ccc-a502-44cc37dedf09 // CNVD: CNVD-2017-03833

DESCRIPTION

In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Schneider Electric ClearSCADA Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service condition. It is also an important part of telemetry and remote SCADA system solutions. Manage critical infrastructure remotely. The following versions are affected: ClearSCADA 2014 R1 (build 75.5210) and earlier, ClearSCADA 2014 R1.1 (build 75.5387) and earlier, ClearSCADA 2015 R1 (build 76.5648) and earlier, ClearSCADA 2015 R2 (build 77.5882) and previous versions

Trust: 2.7

sources: NVD: CVE-2017-6021 // JVNDB: JVNDB-2017-013462 // CNVD: CNVD-2017-03833 // BID: 96768 // IVD: 02487795-6c68-4ccc-a502-44cc37dedf09 // VULHUB: VHN-114224

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 02487795-6c68-4ccc-a502-44cc37dedf09 // CNVD: CNVD-2017-03833

AFFECTED PRODUCTS

vendor:	schneider electric	model:	clearscada	scope:	eq	version:	2014	Trust: 1.6
vendor:	schneider electric	model:	clearscada	scope:	eq	version:	2015	Trust: 1.6
vendor:	aveva	model:	clearscada	scope:	lte	version:	2010	Trust: 1.0
vendor:	schneider electric	model:	clearscada	scope:	lte	version:	2014 r1 (build 75.5210)	Trust: 0.8
vendor:	schneider electric	model:	clearscada	scope:	lte	version:	2014 r1.1 (build 75.5387)	Trust: 0.8
vendor:	schneider electric	model:	clearscada	scope:	lte	version:	2015 r1 (build 76.5648)	Trust: 0.8
vendor:	schneider electric	model:	clearscada	scope:	lte	version:	2015 r2 (build 77.5882)	Trust: 0.8
vendor:	schneider	model:	electric clearscada	scope:	-	version:	-	Trust: 0.6
vendor:	clearscada	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	clearscada	model:	-	scope:	eq	version:	2014	Trust: 0.4
vendor:	clearscada	model:	-	scope:	eq	version:	2015	Trust: 0.4
vendor:	schneider electric	model:	clearscada r3	scope:	eq	version:	201072.4560	Trust: 0.3
vendor:	schneider electric	model:	clearscada r2.1	scope:	eq	version:	201071.4325	Trust: 0.3
vendor:	schneider electric	model:	clearscada r2	scope:	eq	version:	201071.4165	Trust: 0.3
vendor:	schneider electric	model:	clearscada r3.2	scope:	eq	version:	2010	Trust: 0.3
vendor:	schneider electric	model:	clearscada r2 (build	scope:	eq	version:	201577.58	Trust: 0.3
vendor:	schneider electric	model:	clearscada r1 (build	scope:	eq	version:	201576.56	Trust: 0.3
vendor:	schneider electric	model:	clearscada r1.1 (build	scope:	eq	version:	201475.	Trust: 0.3
vendor:	schneider electric	model:	clearscada r1 (build	scope:	eq	version:	201475.52	Trust: 0.3
vendor:	schneider electric	model:	clearscada r1.2	scope:	eq	version:	2013	Trust: 0.3
vendor:	schneider electric	model:	clearscada r1.1a	scope:	eq	version:	2013	Trust: 0.3
vendor:	schneider electric	model:	clearscada r1.1	scope:	eq	version:	2013	Trust: 0.3
vendor:	schneider electric	model:	clearscada r1	scope:	eq	version:	2013	Trust: 0.3
vendor:	schneider electric	model:	clearscada r3.1	scope:	eq	version:	2010	Trust: 0.3
vendor:	schneider electric	model:	clearscada r3	scope:	eq	version:	2010	Trust: 0.3
vendor:	schneider electric	model:	clearscada r2.1	scope:	eq	version:	2010	Trust: 0.3
vendor:	schneider electric	model:	clearscada r2	scope:	eq	version:	2010	Trust: 0.3
vendor:	schneider electric	model:	clearscada r1	scope:	eq	version:	2010	Trust: 0.3
vendor:	schneider electric	model:	clearscada r2 hotfix build	scope:	ne	version:	2015	Trust: 0.3
vendor:	schneider electric	model:	clearscada r1.1 sp (build	scope:	ne	version:	2015	Trust: 0.3
vendor:	schneider electric	model:	clearscada r1.1 hotfix bui	scope:	ne	version:	2014	Trust: 0.3

sources: IVD: 02487795-6c68-4ccc-a502-44cc37dedf09 // CNVD: CNVD-2017-03833 // BID: 96768 // JVNDB: JVNDB-2017-013462 // CNNVD: CNNVD-201702-591 // NVD: CVE-2017-6021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6021
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6021
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-03833
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201702-591
value:	HIGH
Trust: 0.6
IVD:	02487795-6c68-4ccc-a502-44cc37dedf09
value:	HIGH
Trust: 0.2
VULHUB:	VHN-114224
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6021
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-03833
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	02487795-6c68-4ccc-a502-44cc37dedf09
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-114224
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6021
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: 02487795-6c68-4ccc-a502-44cc37dedf09 // CNVD: CNVD-2017-03833 // VULHUB: VHN-114224 // JVNDB: JVNDB-2017-013462 // CNNVD: CNNVD-201702-591 // NVD: CVE-2017-6021

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-114224 // JVNDB: JVNDB-2017-013462 // NVD: CVE-2017-6021

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-591

TYPE

Input validation error

Trust: 0.8

sources: IVD: 02487795-6c68-4ccc-a502-44cc37dedf09 // CNNVD: CNNVD-201702-591

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013462

PATCH

title:	SEVD-2017-060-01	url:	https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2017-060-01+SCADA+expert+ClearSCADA.pdf&p_Doc_Ref=SEVD-2017-060-01	Trust: 0.8
title:	Schneider Electric ClearSCADA Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/91450	Trust: 0.6
title:	Schneider Electric ClearSCADA Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99646	Trust: 0.6

sources: CNVD: CNVD-2017-03833 // JVNDB: JVNDB-2017-013462 // CNNVD: CNNVD-201702-591

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6021	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-068-01	Trust: 2.8
db:	BID	id:	96768	Trust: 2.6
db:	CNNVD	id:	CNNVD-201702-591	Trust: 0.9
db:	CNVD	id:	CNVD-2017-03833	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-013462	Trust: 0.8
db:	NSFOCUS	id:	36057	Trust: 0.6
db:	IVD	id:	02487795-6C68-4CCC-A502-44CC37DEDF09	Trust: 0.2
db:	VULHUB	id:	VHN-114224	Trust: 0.1

sources: IVD: 02487795-6c68-4ccc-a502-44cc37dedf09 // CNVD: CNVD-2017-03833 // VULHUB: VHN-114224 // BID: 96768 // JVNDB: JVNDB-2017-013462 // CNNVD: CNNVD-201702-591 // NVD: CVE-2017-6021

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-068-01	Trust: 2.8
url:	http://www.securityfocus.com/bid/96768	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6021	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6021	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/36057	Trust: 0.6
url:	www.controlmicrosystems.com	Trust: 0.3

sources: CNVD: CNVD-2017-03833 // VULHUB: VHN-114224 // BID: 96768 // JVNDB: JVNDB-2017-013462 // CNNVD: CNNVD-201702-591 // NVD: CVE-2017-6021

CREDITS

Sergey Temnikov and Vladimir Dashchenko of Kapersky Lab??s Critical Infrastructure Defense Team

Trust: 0.3

sources: BID: 96768

SOURCES

db:	IVD	id:	02487795-6c68-4ccc-a502-44cc37dedf09
db:	CNVD	id:	CNVD-2017-03833
db:	VULHUB	id:	VHN-114224
db:	BID	id:	96768
db:	JVNDB	id:	JVNDB-2017-013462
db:	CNNVD	id:	CNNVD-201702-591
db:	NVD	id:	CVE-2017-6021

LAST UPDATE DATE

2024-11-23T22:17:30.990000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-03833	date:	2017-04-02T00:00:00
db:	VULHUB	id:	VHN-114224	date:	2019-10-09T00:00:00
db:	BID	id:	96768	date:	2017-03-16T00:02:00
db:	JVNDB	id:	JVNDB-2017-013462	date:	2018-07-11T00:00:00
db:	CNNVD	id:	CNNVD-201702-591	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-6021	date:	2024-11-21T03:28:55.197

SOURCES RELEASE DATE

db:	IVD	id:	02487795-6c68-4ccc-a502-44cc37dedf09	date:	2017-04-02T00:00:00
db:	CNVD	id:	CNVD-2017-03833	date:	2017-04-02T00:00:00
db:	VULHUB	id:	VHN-114224	date:	2018-05-14T00:00:00
db:	BID	id:	96768	date:	2017-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2017-013462	date:	2018-07-11T00:00:00
db:	CNNVD	id:	CNNVD-201702-591	date:	2017-02-17T00:00:00
db:	NVD	id:	CVE-2017-6021	date:	2018-05-14T14:29:00.193