Search criteria
9 vulnerabilities found for wonderware_intouch_access_anywhere by aveva
FKIE_CVE-2017-5156
Vulnerability from fkie_nvd - Published: 2017-04-20 20:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/ | Vendor Advisory | |
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/97256 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97256 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| aveva | wonderware_intouch_access_anywhere | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aveva:wonderware_intouch_access_anywhere:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AAD0ADB-82DF-42F2-BBE1-07C74BCEF971",
"versionEndIncluding": "11.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user."
},
{
"lang": "es",
"value": "Un problema CSRF fue descubierto en Schneider Electric Wonderware InTouch Access Anywhere, versi\u00f3n 11.5.2 y en versiones anteriores. La solicitud del cliente puede falsificarse desde un sitio diferente. Esto permitir\u00e1 que un sitio externo tenga acceso a los sistemas RDP internos en nombre del usuario actualmente conectado."
}
],
"id": "CVE-2017-5156",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T20:59:00.237",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-5158
Vulnerability from fkie_nvd - Published: 2017-04-20 20:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/ | Vendor Advisory | |
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/97256 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97256 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| aveva | wonderware_intouch_access_anywhere | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aveva:wonderware_intouch_access_anywhere:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AAD0ADB-82DF-42F2-BBE1-07C74BCEF971",
"versionEndIncluding": "11.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de exposici\u00f3n de la informaci\u00f3n en Schneider Electric Wonderware InTouch Access Anywhere, versi\u00f3n 11.5.2 y en versiones anteriores. Las credenciales pueden estar expuestas a sistemas externos a trav\u00e9s de par\u00e1metros espec\u00edficos de URL, se pueden especificar direcciones de destino arbitrarias."
}
],
"id": "CVE-2017-5158",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T20:59:00.440",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-5160
Vulnerability from fkie_nvd - Published: 2017-04-20 20:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/ | Vendor Advisory | |
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/97256 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97256 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| aveva | wonderware_intouch_access_anywhere | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aveva:wonderware_intouch_access_anywhere:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AAD0ADB-82DF-42F2-BBE1-07C74BCEF971",
"versionEndIncluding": "11.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer\u0027s SSL certificate properly."
},
{
"lang": "es",
"value": "Se ha descubierto un problema Inadequate Encryption Strength en Schneider Electric Wonderware InTouch Access Anywhere, versi\u00f3n 11.5.2 y en versiones anteriores. El software se conectar\u00e1 a trav\u00e9s de Transport Layer Security sin verificar correctamente el certificado SSL de los pares."
}
],
"id": "CVE-2017-5160",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T20:59:00.487",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-5156 (GCVE-0-2017-5156)
Vulnerability from cvelistv5 – Published: 2017-04-20 19:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user.
Severity ?
No CVSS data available.
CWE
- Cross-Site Request Forgery
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Schneider Electric Wonderware InTouch Access Anywhere |
Affected:
Schneider Electric Wonderware InTouch Access Anywhere
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:34.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Schneider Electric Wonderware InTouch Access Anywhere",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Schneider Electric Wonderware InTouch Access Anywhere"
}
]
}
],
"datePublic": "2017-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-21T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-5156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric Wonderware InTouch Access Anywhere",
"version": {
"version_data": [
{
"version_value": "Schneider Electric Wonderware InTouch Access Anywhere"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/",
"refsource": "MISC",
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97256"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-5156",
"datePublished": "2017-04-20T19:00:00",
"dateReserved": "2017-01-03T00:00:00",
"dateUpdated": "2024-08-05T14:55:34.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5160 (GCVE-0-2017-5160)
Vulnerability from cvelistv5 – Published: 2017-04-20 19:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.
Severity ?
No CVSS data available.
CWE
- Inadequate Encryption Strength
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Schneider Electric Wonderware InTouch Access Anywhere |
Affected:
Schneider Electric Wonderware InTouch Access Anywhere
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Schneider Electric Wonderware InTouch Access Anywhere",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Schneider Electric Wonderware InTouch Access Anywhere"
}
]
}
],
"datePublic": "2017-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer\u0027s SSL certificate properly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inadequate Encryption Strength",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-21T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-5160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric Wonderware InTouch Access Anywhere",
"version": {
"version_data": [
{
"version_value": "Schneider Electric Wonderware InTouch Access Anywhere"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer\u0027s SSL certificate properly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inadequate Encryption Strength"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/",
"refsource": "MISC",
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97256"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-5160",
"datePublished": "2017-04-20T19:00:00",
"dateReserved": "2017-01-03T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5158 (GCVE-0-2017-5158)
Vulnerability from cvelistv5 – Published: 2017-04-20 19:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
Severity ?
No CVSS data available.
CWE
- Information Exposure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Schneider Electric Wonderware InTouch Access Anywhere |
Affected:
Schneider Electric Wonderware InTouch Access Anywhere
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Schneider Electric Wonderware InTouch Access Anywhere",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Schneider Electric Wonderware InTouch Access Anywhere"
}
]
}
],
"datePublic": "2017-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-21T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-5158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric Wonderware InTouch Access Anywhere",
"version": {
"version_data": [
{
"version_value": "Schneider Electric Wonderware InTouch Access Anywhere"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/",
"refsource": "MISC",
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97256"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-5158",
"datePublished": "2017-04-20T19:00:00",
"dateReserved": "2017-01-03T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5156 (GCVE-0-2017-5156)
Vulnerability from nvd – Published: 2017-04-20 19:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user.
Severity ?
No CVSS data available.
CWE
- Cross-Site Request Forgery
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Schneider Electric Wonderware InTouch Access Anywhere |
Affected:
Schneider Electric Wonderware InTouch Access Anywhere
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:34.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Schneider Electric Wonderware InTouch Access Anywhere",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Schneider Electric Wonderware InTouch Access Anywhere"
}
]
}
],
"datePublic": "2017-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-21T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-5156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric Wonderware InTouch Access Anywhere",
"version": {
"version_data": [
{
"version_value": "Schneider Electric Wonderware InTouch Access Anywhere"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/",
"refsource": "MISC",
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97256"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-5156",
"datePublished": "2017-04-20T19:00:00",
"dateReserved": "2017-01-03T00:00:00",
"dateUpdated": "2024-08-05T14:55:34.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5160 (GCVE-0-2017-5160)
Vulnerability from nvd – Published: 2017-04-20 19:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.
Severity ?
No CVSS data available.
CWE
- Inadequate Encryption Strength
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Schneider Electric Wonderware InTouch Access Anywhere |
Affected:
Schneider Electric Wonderware InTouch Access Anywhere
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Schneider Electric Wonderware InTouch Access Anywhere",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Schneider Electric Wonderware InTouch Access Anywhere"
}
]
}
],
"datePublic": "2017-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer\u0027s SSL certificate properly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inadequate Encryption Strength",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-21T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-5160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric Wonderware InTouch Access Anywhere",
"version": {
"version_data": [
{
"version_value": "Schneider Electric Wonderware InTouch Access Anywhere"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer\u0027s SSL certificate properly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inadequate Encryption Strength"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/",
"refsource": "MISC",
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97256"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-5160",
"datePublished": "2017-04-20T19:00:00",
"dateReserved": "2017-01-03T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5158 (GCVE-0-2017-5158)
Vulnerability from nvd – Published: 2017-04-20 19:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
Severity ?
No CVSS data available.
CWE
- Information Exposure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Schneider Electric Wonderware InTouch Access Anywhere |
Affected:
Schneider Electric Wonderware InTouch Access Anywhere
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Schneider Electric Wonderware InTouch Access Anywhere",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Schneider Electric Wonderware InTouch Access Anywhere"
}
]
}
],
"datePublic": "2017-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-21T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97256"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-5158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric Wonderware InTouch Access Anywhere",
"version": {
"version_data": [
{
"version_value": "Schneider Electric Wonderware InTouch Access Anywhere"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/",
"refsource": "MISC",
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
},
{
"name": "97256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97256"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-5158",
"datePublished": "2017-04-20T19:00:00",
"dateReserved": "2017-01-03T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}