PT-2018-8292 · Schneider Electric · Clearscada
Sergey Temnikov +1 · Published 2018-05-14 · Updated 2019-10-09
CVE-2017-6021
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
ClearSCADA versions 2014 R1 (build 75.5210) and prior
ClearSCADA versions 2014 R1.1 (build 75.5387) and prior
ClearSCADA versions 2015 R1 (build 76.5648) and prior
ClearSCADA versions 2015 R2 (build 77.5882) and prior
Description
An attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server, causing the ClearSCADA server process and ClearSCADA communications driver processes to terminate.
Recommendations
For ClearSCADA versions 2014 R1 (build 75.5210) and prior, update to a version later than 75.5210 to resolve the issue.
For ClearSCADA versions 2014 R1.1 (build 75.5387) and prior, update to a version later than 75.5387 to resolve the issue.
For ClearSCADA versions 2015 R1 (build 76.5648) and prior, update to a version later than 76.5648 to resolve the issue.
For ClearSCADA versions 2015 R2 (build 77.5882) and prior, update to a version later than 77.5882 to resolve the issue.
Fix
RCE
Affected Products
Clearscada