var-201709-1079
Vulnerability from variot
Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon. Schneider Electric ClearSCADA Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA has a memory allocation vulnerability that allows an attacker to exploit a vulnerability to submit a special request for a denial of service attack. It is also an important part of telemetry and remote SCADA system solutions. Manage critical infrastructure remotely. A security vulnerability exists in versions of Schneider Electric ClearSCADA prior to August 2017. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearscada",
"scope": "lte",
"trust": 1.0,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric clearscada \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "2017"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "aveva",
"version": "2010"
},
{
"model": "clearscada",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2017"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "clearscada",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:clearscada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
}
]
},
"cve": "CVE-2017-9962",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9962",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-35027",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-118165",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9962",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9962",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9962",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-35027",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118165",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric\u0027s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon. Schneider Electric ClearSCADA Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider Electric ClearSCADA has a memory allocation vulnerability that allows an attacker to exploit a vulnerability to submit a special request for a denial of service attack. It is also an important part of telemetry and remote SCADA system solutions. Manage critical infrastructure remotely. A security vulnerability exists in versions of Schneider Electric ClearSCADA prior to August 2017. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9962"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "VULHUB",
"id": "VHN-118165"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9962",
"trust": 3.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2017-264-01",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2017-35027",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "37698",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2DE969E-39AB-11E9-A4AE-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "7AD47499-BDFC-4EBC-ABE2-88ED69C51BAE",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-118165",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
}
]
},
"id": "VAR-201709-1079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
}
],
"trust": 2.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
}
]
},
"last_update_date": "2024-11-23T22:42:03.627000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2017-264-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-264-01"
},
{
"title": "Schneider Electric ClearSCADA Memory Allocation Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/106694"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.schneider-electric.com/en/download/document/sevd-2017-264-01/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9962"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9962"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/37698"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"db": "VULHUB",
"id": "VHN-118165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
},
{
"db": "NVD",
"id": "CVE-2017-9962"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-23T00:00:00",
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"date": "2017-11-23T00:00:00",
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"date": "2017-11-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"date": "2017-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-118165"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1086"
},
{
"date": "2017-09-26T01:29:04.037000",
"db": "NVD",
"id": "CVE-2017-9962"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35027"
},
{
"date": "2018-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-118165"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008557"
},
{
"date": "2017-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1086"
},
{
"date": "2024-11-21T03:37:15.633000",
"db": "NVD",
"id": "CVE-2017-9962"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric ClearSCADA Memory allocation vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNVD",
"id": "CNVD-2017-35027"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "e2de969e-39ab-11e9-a4ae-000c29342cb1"
},
{
"db": "IVD",
"id": "7ad47499-bdfc-4ebc-abe2-88ed69c51bae"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1086"
}
],
"trust": 1.0
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…