CVE-2017-9967

HIGH

Schneider Electric's IGSS SCADA Software <12 - Info Disclosure

Title source: llm

Description

A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP) were not properly configured resulting in weak security.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://www.schneider-electric.com/en/download/document/SEVD-2018-037-01/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103022

Scores

CVSS v3 7.8

EPSS 0.0010

EPSS Percentile 26.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

schneider-electric/interactive_graphical_scada_system < 12.0

Published Feb 12, 2018

Tracked Since Feb 18, 2026