CVE-2017-9962
HIGHSchneider Electric ClearSCADA < 2017 - Memory Corruption via Malformed Requests
Title source: llmDescription
Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory x_refsource_confirm
http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/
Scores
CVSS v3
7.5
EPSS
0.0103
EPSS Percentile
59.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (2)
aveva/clearscada
< 2010
Schneider Electric SE/ClearSCADA
2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions
Published
Sep 26, 2017
Tracked Since
Feb 18, 2026