An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.
References
Link | Resource |
---|---|
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/ | Vendor Advisory |
http://www.securityfocus.com/bid/97256 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2017-04-20T19:00:00
Updated: 2017-04-21T09:57:01
Reserved: 2017-01-03T00:00:00
Link: CVE-2017-5160
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-04-20T20:59:00.487
Modified: 2021-08-31T19:49:09.993
Link: CVE-2017-5160
JSON object: View
Redhat Information
No data.
CWE