SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-159110467] Schneider Electric IGSS SCADA Software

Date: 2018-02-13
Type: Other
Platform: Schneider Electric
Author: Ivan Sanchez of Nullcode reported this vulnerability to NCCIC.
EDB-ID: N/A
CVE-ID: CVE-2017-9967
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Schneider Electric IGSS SCADA Software
#


### VULNERABLE VENDOR
Schneider Electric


### VULNERABLE PRODUCT
IGSS SCADA Software 


### RESEARCHER
Ivan Sanchez of Nullcode reported this vulnerability to NCCIC.


### AFFECTED PRODUCTS
Schneider Electric reports that the vulnerability affects the following IGSS SCADA Software products:

IGSS SCADA Software V12 and all previous versions


### IMPACT
Successful exploitation of this vulnerability could cause the device the attacker is accessing to crash or execute arbitrary code.


### VULNERABILITY OVERVIEW
SECURITY MISCONFIGURATION CWE-815
Memory protection settings such as address space layout randomization (ASLR) and data execution prevention (DEP) are not properly implemented.
CVE-2017-9967 has been assigned to this vulnerability.
A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L).





### BACKGROUND
Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy
Countries/Areas Deployed: Worldwide
Company Headquarters Location: France




### MITIGATION

Schneider Electric has provided IGSS SCADA Software V13 to address this vulnerability. Users are advised to update to V13 using the following link:

http://igss.schneider-electric.com/products/igss/download/licensed-versions.aspx