Multiple vulnerabilities in Schneider Electric Wonderware ArchestrA Logger
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2017-9629 CVE-2017-9627 CVE-2017-9631 |
| CWE-ID | CWE-121 CWE-400 CWE-476 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Wonderware ArchestrA Logger Server applications / SCADA systems |
| Vendor | AVEVA Software, LLC. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU7376
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-9629
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The weakness exists due to stack-based buffer overflow. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 2017.517.2328.1.
Vulnerable software versionsWonderware ArchestrA Logger: 2017.426.2307.1
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-17-187-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource exhaustion
EUVDB-ID: #VU7377
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-9627
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to uncontrolled resource consumption. A remote attacker can use specially crafted input to exhaust the memory resources and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update to version 2017.517.2328.1.
Vulnerable software versionsWonderware ArchestrA Logger: 2017.426.2307.1
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-17-187-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Null pointer dereference
EUVDB-ID: #VU7378
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-9631
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to NULL pointer dereference. A remote attacker can cause the service for logging and log-viewing to crash.
Successful exploitation of the vulnerability results in denial of service.
Update to version 2017.517.2328.1.
Vulnerable software versionsWonderware ArchestrA Logger: 2017.426.2307.1
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-17-187-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
