Vulnerability Description
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aveva | Wonderware Intouch Access Anywhere | <= 11.5.2 |
Related Weaknesses (CWE)
References
- http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/Vendor Advisory
- http://www.securityfocus.com/bid/97256Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01Third Party AdvisoryUS Government Resource
- http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/Vendor Advisory
- http://www.securityfocus.com/bid/97256Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-5158?
CVE-2017-5158 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL paramet...
How severe is CVE-2017-5158?
CVE-2017-5158 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-5158?
Check the references section above for vendor advisories and patch information. Affected products include: Aveva Wonderware Intouch Access Anywhere.