First published: Mon Feb 12 2018(Updated: )
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP) were not properly configured resulting in weak security.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Interactive Graphical Scada System | <=12.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-9967 is a security misconfiguration vulnerability in Schneider Electric's IGSS SCADA Software.
Versions 12 and prior of Schneider Electric's IGSS SCADA Software are affected by CVE-2017-9967.
CVE-2017-9967 has a severity rating of 7.8 (high).
CVE-2017-9967 results in weak security configuration settings, specifically in the improper configuration of Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP).
Yes, a security advisory and patch for CVE-2017-9967 can be found at the following link: [link](https://www.schneider-electric.com/en/download/document/SEVD-2018-037-01/)