CVE-2017-6021
HIGHSchneider Electric ClearSCADA < 2014 R1.1 - Denial of Service via Crafted Command Sequences
Title source: llmDescription
In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96768
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01
Scores
CVSS v3
7.5
EPSS
0.0045
EPSS Percentile
63.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (3)
aveva/clearscada
< 2010
schneider-electric/clearscada
2014 r1 (2 CPE variants)
schneider-electric/clearscada
2015 r1 (2 CPE variants)
Published
May 14, 2018
Tracked Since
Feb 18, 2026