Search criteria
15 vulnerabilities found for powerscada_anywhere by schneider-electric
FKIE_CVE-2017-9963
Vulnerability from fkie_nvd - Published: 2018-02-12 23:29 - Updated: 2024-11-21 03:37
Severity ?
Summary
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | powerscada_anywhere | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_anywhere:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6445511E-70B8-4E03-A178-FFDBE02E1609",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-Site Request Forgery (CSRF) en el componente Secure Gateway de PowerSCADA Anywhere v1.0 redistribuido con PowerSCADA Expert v8.1 y PowerSCADA Expert v8.2 y Citect Anywhere versi\u00f3n 1.0, de Schneider Electric para m\u00faltiples peticiones de cambio de estado. Este tipo de ataque requiere cierto nivel de ingenier\u00eda social para conseguir que un usuario leg\u00edtimo haga clic o acceda a un enlace o p\u00e1gina maliciosa que contenga el ataque CSRF."
}
],
"id": "CVE-2017-9963",
"lastModified": "2024-11-21T03:37:15.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-12T23:29:00.213",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Broken Link"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-7970
Vulnerability from fkie_nvd - Published: 2017-09-26 01:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components.
References
| URL | Tags | ||
|---|---|---|---|
| cybersecurity@se.com | http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/ | Mitigation, Patch, Vendor Advisory | |
| cybersecurity@se.com | http://www.securityfocus.com/bid/99913 | Third Party Advisory, VDB Entry | |
| cybersecurity@se.com | https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere | Issue Tracking, Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/ | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99913 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere | Issue Tracking, Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | powerscada_anywhere | 1.0 | |
| schneider-electric | powerscada_expert | 8.1 | |
| schneider-electric | powerscada_expert | 8.2 | |
| schneider-electric | citect_anywhere | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_anywhere:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6445511E-70B8-4E03-A178-FFDBE02E1609",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_expert:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE171A71-B1AF-471B-9D27-07D4491D05B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_expert:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A3FA74-D201-41AA-BDA1-82816813AD11",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:citect_anywhere:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5182F21D-1DF5-492A-9A3D-B913AC6B12F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en la versi\u00f3n 1.0 de PowerSCADA Anywhere de Schneider Electric redistribuida con PowerSCADA Expert 8.1, PowerSCADA Expert 8.2 y Citect Anywhere 1.0 que permite que se especifiquen nodos de destino del servidor arbitrarios en peticiones de conexi\u00f3n a los componentes de Secure Gateway y Server."
}
],
"id": "CVE-2017-7970",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-26T01:29:03.537",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-7972
Vulnerability from fkie_nvd - Published: 2017-09-26 01:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes.
References
| URL | Tags | ||
|---|---|---|---|
| cybersecurity@se.com | http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/ | Mitigation, Patch, Vendor Advisory | |
| cybersecurity@se.com | http://www.securityfocus.com/bid/99913 | Third Party Advisory, VDB Entry | |
| cybersecurity@se.com | https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere | Issue Tracking, Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/ | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99913 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere | Issue Tracking, Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | powerscada_anywhere | 1.0 | |
| schneider-electric | powerscada_expert | 8.1 | |
| schneider-electric | powerscada_expert | 8.2 | |
| schneider-electric | citect_anywhere | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_anywhere:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6445511E-70B8-4E03-A178-FFDBE02E1609",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_expert:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE171A71-B1AF-471B-9D27-07D4491D05B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_expert:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A3FA74-D201-41AA-BDA1-82816813AD11",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:citect_anywhere:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5182F21D-1DF5-492A-9A3D-B913AC6B12F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en la versi\u00f3n 1.0 de PowerSCADA Anywhere de Schneider Electric redistribuida con PowerSCADA Expert 8.1, PowerSCADA Expert 8.2 y Citect Anywhere 1.0 que permite escaparse de las aplicaciones remotas de PowerSCADA Anywhere y ejecutar otros procesos."
}
],
"id": "CVE-2017-7972",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-26T01:29:03.617",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-7969
Vulnerability from fkie_nvd - Published: 2017-09-26 01:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.
References
| URL | Tags | ||
|---|---|---|---|
| cybersecurity@se.com | http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/ | Mitigation, Patch, Vendor Advisory | |
| cybersecurity@se.com | http://www.securityfocus.com/bid/99913 | Third Party Advisory, VDB Entry | |
| cybersecurity@se.com | https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere | Issue Tracking, Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/ | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99913 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere | Issue Tracking, Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | powerscada_anywhere | 1.0 | |
| schneider-electric | powerscada_expert | 8.1 | |
| schneider-electric | powerscada_expert | 8.2 | |
| schneider-electric | citect_anywhere | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_anywhere:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6445511E-70B8-4E03-A178-FFDBE02E1609",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_expert:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE171A71-B1AF-471B-9D27-07D4491D05B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_expert:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A3FA74-D201-41AA-BDA1-82816813AD11",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:citect_anywhere:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5182F21D-1DF5-492A-9A3D-B913AC6B12F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-Site Request Forgery (CSRF) en el componente Secure Gateway de PowerSCADA Anywhere v1.0 redistribuido con PowerSCADA Expert v8.1 y PowerSCADA Expert v8.2 y Citect Anywhere versi\u00f3n 1.0, de Schneider Electric para m\u00faltiples peticiones de cambio de estado. Este tipo de ataque requiere cierto nivel de ingenier\u00eda social para conseguir que un usuario leg\u00edtimo haga clic o acceda a un enlace o p\u00e1gina maliciosa que contenga el ataque CSRF."
}
],
"id": "CVE-2017-7969",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-26T01:29:03.460",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-7971
Vulnerability from fkie_nvd - Published: 2017-09-26 01:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate.
References
| URL | Tags | ||
|---|---|---|---|
| cybersecurity@se.com | http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/ | Mitigation, Patch, Vendor Advisory | |
| cybersecurity@se.com | http://www.securityfocus.com/bid/99913 | Third Party Advisory, VDB Entry | |
| cybersecurity@se.com | https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere | Issue Tracking, Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/ | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99913 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere | Issue Tracking, Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | powerscada_anywhere | 1.0 | |
| schneider-electric | powerscada_expert | 8.1 | |
| schneider-electric | powerscada_expert | 8.2 | |
| schneider-electric | citect_anywhere | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_anywhere:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6445511E-70B8-4E03-A178-FFDBE02E1609",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_expert:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE171A71-B1AF-471B-9D27-07D4491D05B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:schneider-electric:powerscada_expert:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A3FA74-D201-41AA-BDA1-82816813AD11",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:citect_anywhere:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5182F21D-1DF5-492A-9A3D-B913AC6B12F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en la versi\u00f3n 1.0 de PowerSCADA Anywhere de Schneider Electric redistribuida con PowerSCADA Expert 8.1, PowerSCADA Expert 8.2 y Citect Anywhere 1.0 que permite que se utilicen suites de cifrado obsoletas y se verifique incorrectamente el certificado Peer SSL."
}
],
"id": "CVE-2017-7971",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-26T01:29:03.587",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-9963 (GCVE-0-2017-9963)
Vulnerability from cvelistv5 – Published: 2018-02-12 23:00 – Updated: 2024-09-16 18:29
VLAI?
Summary
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T15:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2018-02-12T00:00:00",
"ID": "CVE-2017-9963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere",
"refsource": "MISC",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2017-9963",
"datePublished": "2018-02-12T23:00:00Z",
"dateReserved": "2017-06-26T00:00:00",
"dateUpdated": "2024-09-16T18:29:56.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7972 (GCVE-0-2017-7972)
Vulnerability from cvelistv5 – Published: 2017-09-25 19:00 – Updated: 2024-09-16 17:59
VLAI?
Summary
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes.
Severity ?
No CVSS data available.
CWE
- Escaping PowerSCADA Application
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric SE | PowerSCADA Anywhere |
Affected:
Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerSCADA Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
},
{
"product": "Citect Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "version 1.0"
}
]
}
],
"datePublic": "2017-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escaping PowerSCADA Application",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T09:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2017-06-22T00:00:00",
"ID": "CVE-2017-7972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerSCADA Anywhere",
"version": {
"version_data": [
{
"version_value": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
}
},
{
"product_name": "Citect Anywhere",
"version": {
"version_data": [
{
"version_value": "version 1.0"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escaping PowerSCADA Application"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99913"
},
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere",
"refsource": "CONFIRM",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2017-7972",
"datePublished": "2017-09-25T19:00:00Z",
"dateReserved": "2017-04-19T00:00:00",
"dateUpdated": "2024-09-16T17:59:07.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7970 (GCVE-0-2017-7970)
Vulnerability from cvelistv5 – Published: 2017-09-25 19:00 – Updated: 2024-09-17 02:56
VLAI?
Summary
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components.
Severity ?
No CVSS data available.
CWE
- Information Exposure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric SE | PowerSCADA Anywhere |
Affected:
Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerSCADA Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
},
{
"product": "Citect Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "version 1.0"
}
]
}
],
"datePublic": "2017-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T09:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2017-06-22T00:00:00",
"ID": "CVE-2017-7970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerSCADA Anywhere",
"version": {
"version_data": [
{
"version_value": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
}
},
{
"product_name": "Citect Anywhere",
"version": {
"version_data": [
{
"version_value": "version 1.0"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99913"
},
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere",
"refsource": "CONFIRM",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2017-7970",
"datePublished": "2017-09-25T19:00:00Z",
"dateReserved": "2017-04-19T00:00:00",
"dateUpdated": "2024-09-17T02:56:33.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7969 (GCVE-0-2017-7969)
Vulnerability from cvelistv5 – Published: 2017-09-25 19:00 – Updated: 2024-09-17 01:30
VLAI?
Summary
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.
Severity ?
No CVSS data available.
CWE
- Cross Site Request Forgery
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric SE | PowerSCADA Anywhere |
Affected:
Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerSCADA Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
},
{
"product": "Citect Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "version 1.0"
}
]
}
],
"datePublic": "2017-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T09:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2017-06-22T00:00:00",
"ID": "CVE-2017-7969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerSCADA Anywhere",
"version": {
"version_data": [
{
"version_value": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
}
},
{
"product_name": "Citect Anywhere",
"version": {
"version_data": [
{
"version_value": "version 1.0"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99913"
},
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere",
"refsource": "CONFIRM",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2017-7969",
"datePublished": "2017-09-25T19:00:00Z",
"dateReserved": "2017-04-19T00:00:00",
"dateUpdated": "2024-09-17T01:30:49.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7971 (GCVE-0-2017-7971)
Vulnerability from cvelistv5 – Published: 2017-09-25 19:00 – Updated: 2024-09-16 22:15
VLAI?
Summary
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate.
Severity ?
No CVSS data available.
CWE
- Improper Validaiton of Certificate Expiration
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric SE | PowerSCADA Anywhere |
Affected:
Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerSCADA Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
},
{
"product": "Citect Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "version 1.0"
}
]
}
],
"datePublic": "2017-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Validaiton of Certificate Expiration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T09:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2017-06-22T00:00:00",
"ID": "CVE-2017-7971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerSCADA Anywhere",
"version": {
"version_data": [
{
"version_value": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
}
},
{
"product_name": "Citect Anywhere",
"version": {
"version_data": [
{
"version_value": "version 1.0"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Validaiton of Certificate Expiration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99913"
},
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere",
"refsource": "CONFIRM",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2017-7971",
"datePublished": "2017-09-25T19:00:00Z",
"dateReserved": "2017-04-19T00:00:00",
"dateUpdated": "2024-09-16T22:15:34.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9963 (GCVE-0-2017-9963)
Vulnerability from nvd – Published: 2018-02-12 23:00 – Updated: 2024-09-16 18:29
VLAI?
Summary
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T15:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2018-02-12T00:00:00",
"ID": "CVE-2017-9963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere",
"refsource": "MISC",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2017-9963",
"datePublished": "2018-02-12T23:00:00Z",
"dateReserved": "2017-06-26T00:00:00",
"dateUpdated": "2024-09-16T18:29:56.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7972 (GCVE-0-2017-7972)
Vulnerability from nvd – Published: 2017-09-25 19:00 – Updated: 2024-09-16 17:59
VLAI?
Summary
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes.
Severity ?
No CVSS data available.
CWE
- Escaping PowerSCADA Application
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric SE | PowerSCADA Anywhere |
Affected:
Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerSCADA Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
},
{
"product": "Citect Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "version 1.0"
}
]
}
],
"datePublic": "2017-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escaping PowerSCADA Application",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T09:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2017-06-22T00:00:00",
"ID": "CVE-2017-7972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerSCADA Anywhere",
"version": {
"version_data": [
{
"version_value": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
}
},
{
"product_name": "Citect Anywhere",
"version": {
"version_data": [
{
"version_value": "version 1.0"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escaping PowerSCADA Application"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99913"
},
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere",
"refsource": "CONFIRM",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2017-7972",
"datePublished": "2017-09-25T19:00:00Z",
"dateReserved": "2017-04-19T00:00:00",
"dateUpdated": "2024-09-16T17:59:07.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7970 (GCVE-0-2017-7970)
Vulnerability from nvd – Published: 2017-09-25 19:00 – Updated: 2024-09-17 02:56
VLAI?
Summary
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components.
Severity ?
No CVSS data available.
CWE
- Information Exposure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric SE | PowerSCADA Anywhere |
Affected:
Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerSCADA Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
},
{
"product": "Citect Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "version 1.0"
}
]
}
],
"datePublic": "2017-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T09:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2017-06-22T00:00:00",
"ID": "CVE-2017-7970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerSCADA Anywhere",
"version": {
"version_data": [
{
"version_value": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
}
},
{
"product_name": "Citect Anywhere",
"version": {
"version_data": [
{
"version_value": "version 1.0"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99913"
},
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere",
"refsource": "CONFIRM",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2017-7970",
"datePublished": "2017-09-25T19:00:00Z",
"dateReserved": "2017-04-19T00:00:00",
"dateUpdated": "2024-09-17T02:56:33.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7969 (GCVE-0-2017-7969)
Vulnerability from nvd – Published: 2017-09-25 19:00 – Updated: 2024-09-17 01:30
VLAI?
Summary
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.
Severity ?
No CVSS data available.
CWE
- Cross Site Request Forgery
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric SE | PowerSCADA Anywhere |
Affected:
Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerSCADA Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
},
{
"product": "Citect Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "version 1.0"
}
]
}
],
"datePublic": "2017-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T09:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2017-06-22T00:00:00",
"ID": "CVE-2017-7969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerSCADA Anywhere",
"version": {
"version_data": [
{
"version_value": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
}
},
{
"product_name": "Citect Anywhere",
"version": {
"version_data": [
{
"version_value": "version 1.0"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99913"
},
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere",
"refsource": "CONFIRM",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2017-7969",
"datePublished": "2017-09-25T19:00:00Z",
"dateReserved": "2017-04-19T00:00:00",
"dateUpdated": "2024-09-17T01:30:49.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7971 (GCVE-0-2017-7971)
Vulnerability from nvd – Published: 2017-09-25 19:00 – Updated: 2024-09-16 22:15
VLAI?
Summary
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate.
Severity ?
No CVSS data available.
CWE
- Improper Validaiton of Certificate Expiration
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Schneider Electric SE | PowerSCADA Anywhere |
Affected:
Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerSCADA Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
},
{
"product": "Citect Anywhere",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "version 1.0"
}
]
}
],
"datePublic": "2017-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Validaiton of Certificate Expiration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-26T09:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "99913",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2017-06-22T00:00:00",
"ID": "CVE-2017-7971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerSCADA Anywhere",
"version": {
"version_data": [
{
"version_value": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2"
}
]
}
},
{
"product_name": "Citect Anywhere",
"version": {
"version_data": [
{
"version_value": "version 1.0"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in Schneider Electric\u0027s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Validaiton of Certificate Expiration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99913"
},
{
"name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere",
"refsource": "CONFIRM",
"url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
},
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2017-7971",
"datePublished": "2017-09-25T19:00:00Z",
"dateReserved": "2017-04-19T00:00:00",
"dateUpdated": "2024-09-16T22:15:34.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}