Vulnerability Description
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aveva | Wonderware Intouch Access Anywhere | <= 11.5.2 |
Related Weaknesses (CWE)
References
- http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/Vendor Advisory
- http://www.securityfocus.com/bid/97256Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01Third Party AdvisoryUS Government Resource
- http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/Vendor Advisory
- http://www.securityfocus.com/bid/97256Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-5160?
CVE-2017-5160 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security withou...
How severe is CVE-2017-5160?
CVE-2017-5160 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5160?
Check the references section above for vendor advisories and patch information. Affected products include: Aveva Wonderware Intouch Access Anywhere.