CVE-2017-7970

6.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Powerscada Anywhere; Citect Anywhere
Vendor: CVE Published:; 26 September 2017

Summary

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components.

Affected Version(s)

Citect Anywhere version 1.0

PowerSCADA Anywhere Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2

References

http://www.securityfocus.com/bid/99913

vdb-entryx_refsource_BID

https://www.citect.schneider-electric.com/safety-and-secu...

x_refsource_CONFIRM

http://www.schneider-electric.com/en/download/document/SE...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 26, 2017
Vulnerability Reserved
Apr 19, 2017

.