CVE-2017-5158

Sažetak

An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/
http://www.securityfocus.com/bid/97256

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-09-2021 - 13:31

Objavljeno

20-04-2017 - 20:59