CVE-2017-7972

5.5MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Powerscada Anywhere; Citect Anywhere
Vendor: CVE Published:; 26 September 2017

Summary

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes.

Affected Version(s)

Citect Anywhere version 1.0

PowerSCADA Anywhere Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2

References

http://www.securityfocus.com/bid/99913

vdb-entryx_refsource_BID

https://www.citect.schneider-electric.com/safety-and-secu...

x_refsource_CONFIRM

http://www.schneider-electric.com/en/download/document/SE...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 26, 2017
Vulnerability Reserved
Apr 19, 2017

.