Vulnerability Details : CVE-2017-6021
In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Vulnerability category: Input validation
Products affected by CVE-2017-6021
- cpe:2.3:a:schneider-electric:clearscada:2014:r1.1:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:clearscada:2014:r1:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:clearscada:2015:r2:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:clearscada:2015:r1:*:*:*:*:*:*
- cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6021
- 0.08%: probability of exploitation activity in the next 30 days
- ~34%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-6021
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2017-6021
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by:
  - ics-cert@hq.dhs.gov (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2017-6021
- http://www.securityfocus.com/bid/96768
  Schneider Electric ClearSCADA CVE-2017-6021 Remote Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01
  Schneider Electric ClearSCADA | CISA (Third Party Advisory; US Government Resource)