CVE-2017-7972 - A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCAD

CVE-2017-7972

Summary

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes.

References

Vulnerable Configurations

cpe:2.3:a:schneider-electric:powerscada_anywhere:1.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:powerscada_anywhere:1.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:powerscada_expert:8.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:powerscada_expert:8.1:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:powerscada_expert:8.2:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:powerscada_expert:8.2:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:citect_anywhere:1.0:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:citect_anywhere:1.0:*:*:*:*:*:*:*

CVSS

Base:	5.2 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:A/AC:L/Au:S/C:P/I:P/A:P

refmap via4

bid	99913
confirm	http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/ https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere

Last major update

03-10-2019 - 00:03

Published

26-09-2017 - 01:29

Last modified

03-10-2019 - 00:03