Inadequate Encryption Strength in Schneider Electric's Wonderware InTouch Access Anywhere
CVE-2017-5160

5.3 MEDIUM

Key Information:

Vendor: Aveva
CVE Published: 20 April 2017

What is CVE-2017-5160?

An inadequate encryption strength vulnerability exists in Schneider Electric's Wonderware InTouch Access Anywhere. This issue arises due to the software's failure to properly validate the peer's SSL certificate when establishing a connection via Transport Layer Security. Consequently, this can expose the application to potential man-in-the-middle attacks, allowing unauthorized interception and manipulation of data transmitted over the network.

Affected Version(s)

Schneider Electric Wonderware InTouch Access Anywhere

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
