{"api_version":"1","generated_at":"2026-04-22T23:08:00+00:00","cve":"CVE-2017-9631","urls":{"html":"https://cve.report/CVE-2017-9631","api":"https://cve.report/api/cve/CVE-2017-9631.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-9631","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-9631"},"summary":{"title":"CVE-2017-9631","description":"A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable).","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2017-07-07 17:29:00","updated_at":"2023-02-01 17:59:00"},"problem_types":["CWE-476"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/99488","name":"99488","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Schneider Wonderware ArchestrA Logger ICSA-17-187-04 Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1038836","name":"1038836","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Wonderware Information Server Flaws in ArchestrA Logger Component RPC Interface Let Remote Users Deny Service and Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04","name":"https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Schneider Electric Wonderware ArchestrA Logger | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/","name":"http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/","refsource":"MISC","tags":["Vendor Advisory"],"title":"AVEVA - Global Leader in Industrial Software","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-9631","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9631","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"9631","vulnerable":"1","versionEndIncluding":"2017.426.2307.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider-electric","cpe5":"wonderware_archestra_logger","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"9631","vulnerable":"1","versionEndIncluding":"2017.426.2307.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider_electric","cpe5":"wonderware_archestra_logger","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2017-9631","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Schneider Electric Wonderware ArchestrA Logger","version":{"version_data":[{"version_value":"Schneider Electric Wonderware ArchestrA Logger"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-476"}]}]},"references":{"reference_data":[{"name":"99488","refsource":"BID","url":"http://www.securityfocus.com/bid/99488"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-187-04"},{"name":"http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/","refsource":"MISC","url":"http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000116/"},{"name":"1038836","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1038836"}]}},"nvd":{"publishedDate":"2017-07-07 17:29:00","lastModifiedDate":"2023-02-01 17:59:00","problem_types":["CWE-476"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:schneider-electric:wonderware_archestra_logger:*:*:*:*:*:*:*:*","versionEndIncluding":"2017.426.2307.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"9631","Ordinal":"106654","Title":"CVE-2017-9631","CVE":"CVE-2017-9631","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"9631","Ordinal":"1","NoteData":"A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable).","Type":"Description","Title":null},{"CveYear":"2017","CveId":"9631","Ordinal":"2","NoteData":"2017-07-07","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"9631","Ordinal":"3","NoteData":"2017-07-11","Type":"Other","Title":"Modified"}]}}}