CVE-2017-9962

HIGH

Schneider Electric ClearSCADA < 2017 - Memory Corruption via Malformed Requests

Title source: llm
STIX 2.1

Description

Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon.

References (1)

Core 1
Core References
Mitigation, Vendor Advisory x_refsource_confirm
http://www.schneider-electric.com/en/download/document/SEVD-2017-264-01/

Scores

CVSS v3 7.5
EPSS 0.0103
EPSS Percentile 59.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-119
Status published
Products (2)
aveva/clearscada < 2010
Schneider Electric SE/ClearSCADA 2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions
Published Sep 26, 2017
Tracked Since Feb 18, 2026