Security restrictions bypass in IGSS SCADA - CVE-2017-9967
Published: February 14, 2018
Vulnerability identifier: #VU10575
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:U/U:Clear
CVE-ID: CVE-2017-9967
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Schneider Electric
Affected software:
IGSS SCADA
IGSS SCADA
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to the failure to properly configure security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP). A local attacker can bypass security restrictions and cause the service to crash or execute arbitrary code with elevated privileges.
The weakness exists due to the failure to properly configure security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP). A local attacker can bypass security restrictions and cause the service to crash or execute arbitrary code with elevated privileges.
How to mitigate CVE-2017-9967
Update to version 13.