An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
References
Link | Resource |
---|---|
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/ | Vendor Advisory |
http://www.securityfocus.com/bid/97256 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2017-04-20T19:00:00
Updated: 2017-04-21T09:57:01
Reserved: 2017-01-03T00:00:00
Link: CVE-2017-5158
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-04-20T20:59:00.440
Modified: 2021-09-09T13:31:32.243
Link: CVE-2017-5158
JSON object: View
Redhat Information
No data.
CWE