CVE-2017-6021

Description

In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

References

Link	Tags
http://www.securityfocus.com/bid/96768	vdb entry third party advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01	third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2017-6021?: CVE-2017-6021 has been scored as a high severity vulnerability.
How to fix CVE-2017-6021?: To fix CVE-2017-6021, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2017-6021 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2017-6021 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2017-6021?: CVE-2017-6021 affects Schneider Electric SE ClearSCADA.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions