CVE-2017-9627

Опубликовано: 07 июл. 2017

Источник: nvd

CVSS3: 8.6

CVSS2: 5

EPSS Низкий

Описание

An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service.

Ссылки

http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/
Vendor Advisory
http://www.securityfocus.com/bid/99488
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038836
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04
Third Party Advisory
US Government Resource
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/
Vendor Advisory
http://www.securityfocus.com/bid/99488
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038836
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:schneider-electric:wonderware_archestra_logger:2017.426.2307.1:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02334

Низкий

8.6 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

GHSA-q2pr-gqr4-26f4

CVSS3: 8.6

github

больше 3 лет назад

BDU:2018-01124

fstec

больше 8 лет назад

Уязвимость сетевого сервиса aaLogger системной службы для обмена сообщениями между компонентами ArchestrA Wonderware ArchestrA Logger, позволяющая нарушителю вызвать отказ в обслуживании