Vulnerabilities > CVE-2017-9967 - Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System 10.0/9.0

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

schneider-electric

NVD

Published: 2018-02-12

Updated: 2019-10-03

Summary

A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP) were not properly configured resulting in weak security.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Interactive Graphical Scada System 9.0 Schneider Electric Interactive Graphical Scada System 10.0	2

References

http://www.securityfocus.com/bid/103022
https://www.schneider-electric.com/en/download/document/SEVD-2018-037-01/