CVE-2017-9629
published 2017-07-07CVE-2017-9629: A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based…
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
9.79%
94.9th percentile
A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | wonderware_archestra_logger | <= 2017.426.2307.1 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2017-9629 is a remotely exploitable stack-based buffer overflow (CWE-121) in Schneider Electric Wonderware ArchestrA Logger versions 2017.426.2307.1 and prior, requiring no authentication or user interaction (CVSS v3 AV:N/AC:L/PR:N/UI:N). Detection should focus on anomalous or oversized network input to the ArchestrA Logger service. ↗
- →No known public exploits specifically target this vulnerability as of the advisory date; monitor for novel exploitation attempts against the ArchestrA Logger service. ↗
- →The vulnerability is exploitable remotely with low complexity and no privileges required (CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Alert on unexpected remote connections to the ArchestrA Logger service from outside the control system network. ↗
- ·All Wonderware, Avantis, SimSci, or Skelta products that install the Wonderware ArchestrA Logger version 2017.426.2307.1 or prior are affected, not just standalone ArchestrA Logger deployments. ↗
- ·The ArchestrA Logger service runs in a highly privileged account context, meaning successful exploitation grants an attacker elevated privileges on the host. ↗
- ·Two additional vulnerabilities (CVE-2017-9627: Uncontrolled Resource Consumption; CVE-2017-9631: Null Pointer Dereference) affect the same product and versions and should be patched simultaneously. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Schneider Electric Wonderware ArchestrA Logger
cisa_ics·2017-07-06
Schneider Electric Wonderware ArchestrA Logger
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Schneider Electric Wonderware ArchestrA Logger
Last RevisedJuly 06, 2017
Alert CodeICSA-17-187-04
## CVSS v3 9.8
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Schneider Electric
Equipment: Wonderware ArchestrA Logger
Vulnerabilities: Stack-Based Buffer Overflow, Uncontrolled Resource Consumption, Null Pointer Deference
## AFFECTED PRODUCTS
Schneider Electric reports that the following versions of Wonderware ArchestrA Logger, a logging software, are affected:
- Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior.
## IMPACT
Successful expl
GHSA
GHSA-c74f-9vf5-2gh6: A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017
ghsa_unreviewed·2022-05-13
CVE-2017-9629 [CRITICAL] CWE-119 GHSA-c74f-9vf5-2gh6: A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017
A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/http://www.securityfocus.com/bid/99488http://www.securitytracker.com/id/1038836https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/http://www.securityfocus.com/bid/99488http://www.securitytracker.com/id/1038836https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04
2017-07-07
Published