CVE-2017-9967 — Interactive Graphical Scada System vulnerability

3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 73.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Interactive Graphical Scada System

Timeline

PublishedFeb 12

Latest updateMay 13

Description

A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP) were not properly configured resulting in weak security.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDschneider-electric/interactive_graphical_scada_system12.0

🔴Vulnerability Details

GHSA

GHSA-52rj-2977-r9p2: A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior↗2022-05-13

▶

CVEList

CVE-2017-9967: A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior↗2018-02-12

▶