Vulnerability Description
An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Igss Mobile | <= 3.01 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103046Third Party AdvisoryVDB EntryVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03Third Party AdvisoryUS Government Resource
- https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/Vendor Advisory
- http://www.securityfocus.com/bid/103046Third Party AdvisoryVDB EntryVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03Third Party AdvisoryUS Government Resource
- https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/Vendor Advisory
FAQ
What is CVE-2017-9969?
CVE-2017-9969 is a vulnerability with a CVSS score of 6.7 (MEDIUM). An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in expos...
How severe is CVE-2017-9969?
CVE-2017-9969 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9969?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Igss Mobile.