PT-2018-8292 · Schneider Electric · Clearscada
Sergey Temnikov
+1
·
Publicado
2018-05-14
·
Atualizado
2019-10-09
·
CVE-2017-6021
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
ClearSCADA versions 2014 R1 (build 75.5210) and prior
ClearSCADA versions 2014 R1.1 (build 75.5387) and prior
ClearSCADA versions 2015 R1 (build 76.5648) and prior
ClearSCADA versions 2015 R2 (build 77.5882) and prior
Description
An attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server, causing the ClearSCADA server process and ClearSCADA communications driver processes to terminate.
Recommendations
For ClearSCADA versions 2014 R1 (build 75.5210) and prior, update to a version later than 75.5210 to resolve the issue.
For ClearSCADA versions 2014 R1.1 (build 75.5387) and prior, update to a version later than 75.5387 to resolve the issue.
For ClearSCADA versions 2015 R1 (build 76.5648) and prior, update to a version later than 76.5648 to resolve the issue.
For ClearSCADA versions 2015 R2 (build 77.5882) and prior, update to a version later than 77.5882 to resolve the issue.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Clearscada