CVE-2017-9627

HIGH

Schneider Electric Wonderware ArchestrA Logger <2017.426.2307.1 - DoS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-9627. PoCs published by USSCltd.

AI-analyzed exploit summary This is a fuzzing script for CVE-2017-9627, targeting the aaLogger service. It uses Sulley to generate malformed RPC requests to trigger potential vulnerabilities.

Description

An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service.

Exploits (1)

nomisec WORKING POC
by USSCltd · poc
https://github.com/USSCltd/aaLogger

This is a fuzzing script for CVE-2017-9627, targeting the aaLogger service. It uses Sulley to generate malformed RPC requests to trigger potential vulnerabilities.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Theoretical
Target: aaLogger (likely a component of a larger system)
No auth needed
Prerequisites: Network access to the target service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99488
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038836

Scores

CVSS v3 8.6
EPSS 0.0233
EPSS Percentile 85.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (2)
n/a/Schneider Electric Wonderware ArchestrA Logger Schneider Electric Wonderware ArchestrA Logger
schneider-electric/wonderware_archestra_logger 2017.426.2307.1
Published Jul 07, 2017
Tracked Since Feb 18, 2026