CVE-2017-9962: Improper Restriction of Operations within the Bounds of a Memory Buffer in Clearscada

Severity
7.5 HIGH (NVD)
EPSS
0.6%
top 31.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 26
Latest update: May 14

Description

Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 2 packages

CVEListV5: schneider_electric_se/clearscada (2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions)

🔴 Vulnerability Details

2
GHSA
GHSA-8rrf-cfx9-434w: Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed request (2022-05-14)
CVEList
CVE-2017-9962: Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed request (2017-09-25)

📋 Vendor Advisories

1
Red Hat
docker: Security regression of CVE-2016-9962 due to inclusion of vulnerable runc (2020-06-23)

💬 Community

1
Bugzilla
CVE-2020-14300 docker: Security regression of CVE-2016-9962 due to inclusion of vulnerable runc (2020-06-19)
CVE-2017-9962 — Aveva Clearscada vulnerability | cvebase