An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
References
Link | Resource |
---|---|
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/ | Vendor Advisory |
http://www.securityfocus.com/bid/97256 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01 | Third Party Advisory US Government Resource |
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/ | Vendor Advisory |
http://www.securityfocus.com/bid/97256 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01 | Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 03:27
Type | Values Removed | Values Added |
---|---|---|
References | () http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/ - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/97256 - Third Party Advisory, VDB Entry | |
References | () https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01 - Third Party Advisory, US Government Resource |
Information
Published : 2017-04-20 20:59
Updated : 2024-11-21 03:27
NVD link : CVE-2017-5158
Mitre link : CVE-2017-5158
CVE.ORG link : CVE-2017-5158
JSON object : View
Products Affected
aveva
- wonderware_intouch_access_anywhere
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor