#VU10575 Security restrictions bypass in IGSS SCADA - CVE-2017-9967
Published: February 14, 2018
Vulnerability identifier: #VU10575
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:U/U:Clear
CVE-ID: CVE-2017-9967
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
IGSS SCADA
IGSS SCADA
Software vendor:
Schneider Electric
Schneider Electric
Description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to the failure to properly configure security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP). A local attacker can bypass security restrictions and cause the service to crash or execute arbitrary code with elevated privileges.
The weakness exists due to the failure to properly configure security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP). A local attacker can bypass security restrictions and cause the service to crash or execute arbitrary code with elevated privileges.
Remediation
Update to version 13.