CVE-2017-7971

6.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Powerscada Anywhere; Citect Anywhere
Vendor: CVE Published:; 22 June 2017

Summary

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate.

Affected Version(s)

Citect Anywhere version 1.0

PowerSCADA Anywhere Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2

References

http://www.securityfocus.com/bid/99913

vdb-entryx_refsource_BID

https://www.citect.schneider-electric.com/safety-and-secu...

x_refsource_CONFIRM

http://www.schneider-electric.com/en/download/document/SE...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 22, 2017
Vulnerability Reserved
Apr 19, 2017

.