CVE-2017-9627 - OpenCVE

An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Wonderware Archestra Logger

Configuration 1 [-]

cpe:2.3:a:schneider-electric:wonderware_archestra_logger:2017.426.2307.1:*:*:*:*:*:*:*

References

Link	Resource
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/	Vendor Advisory
http://www.securityfocus.com/bid/99488	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038836	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2017-07-07T17:00:00

Updated: 2017-07-11T09:57:01

Reserved: 2017-06-14T00:00:00

Link: CVE-2017-9627

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-07-07T17:29:00.370

Modified: 2023-02-01T17:38:59.000

Link: CVE-2017-9627

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"containers": {"cna": {"affected": [{"product": "Schneider Electric Wonderware ArchestrA Logger", "vendor": "n/a", "versions": [{"status": "affected", "version": "Schneider Electric Wonderware ArchestrA Logger"}]}], "datePublic": "2017-07-07T00:00:00", "descriptions": [{"lang": "en", "value": "An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-07-11T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "99488", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99488"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04"}, {"tags": ["x_refsource_MISC"], "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/"}, {"name": "1038836", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038836"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-9627", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Schneider Electric Wonderware ArchestrA Logger", "version": {"version_data": [{"version_value": "Schneider Electric Wonderware ArchestrA Logger"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400"}]}]}, "references": {"reference_data": [{"name": "99488", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99488"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04"}, {"name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/", "refsource": "MISC", "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/"}, {"name": "1038836", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038836"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-9627", "datePublished": "2017-07-07T17:00:00", "dateReserved": "2017-06-14T00:00:00", "dateUpdated": "2017-07-11T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:wonderware_archestra_logger:2017.426.2307.1:*:*:*:*:*:*:*", "matchCriteriaId": "8E9B4217-AAE8-4B13-B710-2DD773E58785", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service."}, {"lang": "es", "value": "Un problema de consumo incontrolable de recursos fue descubierto en Schneider Electric Wonderware ArchestrA Logger, en su versi\u00f3n 2017.426.2307.1 y anteriores. La vulnerabilidad de consumo incontrolable de recursos pod\u00eda permitir a un atacante agotar la fuente de memoria de la m\u00e1quina causando una denegaci\u00f3n de servicio."}], "id": "CVE-2017-9627", "lastModified": "2023-02-01T17:38:59.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-07T17:29:00.370", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99488"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038836"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}