CVE-2017-6021

{"id": "CVE-2017-6021", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-05-14T14:29:00.193", "references": [{"url": "http://www.securityfocus.com/bid/96768", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."}, {"lang": "es", "value": "En Schneider Electric ClearSCADA 2014 R1 (build 75.5210) y anteriores, 2014 R1.1 (build 75.5387) y anteriores, 2015 R1 (build 76.5648) y anteriores y 2015 R2 (build 77.5882) y anteriores, un atacante con acceso de red al servidor ClearSCADA puede enviar secuencias de comandos especialmente manipuladas y paquetes de datos al servidor ClearSCADA que pueden provocar que el proceso del servidor ClearSCADA y los procesos del controlador de comunicaciones ClearSCADA finalicen. Se ha calculado una puntuaci\u00f3n base de CVSS v3 de 7.5; la cadena de vector CVSS es (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."}], "lastModified": "2019-10-09T23:28:34.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAF38D64-EC72-4D39-80BB-4B3958C18B8B", "versionEndIncluding": "2010"}, {"criteria": "cpe:2.3:a:schneider-electric:clearscada:2014:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "441BA0DB-0BF8-4CDC-9715-9E5227954061"}, {"criteria": "cpe:2.3:a:schneider-electric:clearscada:2014:r1.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB2497FA-9965-4C1A-B9F8-34FC76F0A552"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aveva:clearscada:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAF38D64-EC72-4D39-80BB-4B3958C18B8B", "versionEndIncluding": "2010"}, {"criteria": "cpe:2.3:a:schneider-electric:clearscada:2015:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFE9EABB-597E-4198-9C2D-3886A969483D"}, {"criteria": "cpe:2.3:a:schneider-electric:clearscada:2015:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23FD329C-7118-44C1-8BE2-EED715564C2B"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}