CVE-2017-9968

A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:schneider-electric:igss_mobile:*:*:*:*:*:android:*:*
cpe:2.3:a:schneider-electric:igss_mobile:*:*:*:*:*:iphone_os:*:*

History

No history.

Information

Published : 2018-02-12 23:29

Updated : 2024-02-28 16:25


NVD link : CVE-2017-9968

Mitre link : CVE-2017-9968

CVE.ORG link : CVE-2017-9968


JSON object : View

Products Affected

schneider-electric

  • igss_mobile
CWE
CWE-295

Improper Certificate Validation