CVE-2017-9629
published 2017-07-07


Priority: P261 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 9.79% (94.9th percentile)
A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account.

Affected

1 range

Vendor              Product                      Version range        Fixed in
schneider-electric  wonderware_archestra_logger  <= 2017.426.2307.1

Detection & IOCs (extracted from sources)

  • CVE-2017-9629 is a remotely exploitable stack-based buffer overflow (CWE-121) in Schneider Electric Wonderware ArchestrA Logger versions 2017.426.2307.1 and prior, requiring no authentication or user interaction (CVSS v3 AV:N/AC:L/PR:N/UI:N). Detection should focus on anomalous or oversized network input to the ArchestrA Logger service.
  • No known public exploits specifically target this vulnerability as of the advisory date; monitor for novel exploitation attempts against the ArchestrA Logger service.
  • The vulnerability is exploitable remotely with low complexity and no privileges required (CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Alert on unexpected remote connections to the ArchestrA Logger service from outside the control system network.
  • All Wonderware, Avantis, SimSci, or Skelta products that install the Wonderware ArchestrA Logger version 2017.426.2307.1 or prior are affected, not just standalone ArchestrA Logger deployments.
  • The ArchestrA Logger service runs in a highly privileged account context, meaning successful exploitation grants an attacker elevated privileges on the host.
  • Two additional vulnerabilities (CVE-2017-9627: Uncontrolled Resource Consumption; CVE-2017-9631: Null Pointer Dereference) affect the same product and versions and should be patched simultaneously.

CVSS provenance

nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C