gsd - gsd-2017-5160

gsd-2017-5160

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.

Aliases

CVE-2017-5160

Aliases

CVE-2017-5160

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-5160",
    "description": "An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer\u0027s SSL certificate properly.",
    "id": "GSD-2017-5160"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-5160"
      ],
      "details": "An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer\u0027s SSL certificate properly.",
      "id": "GSD-2017-5160",
      "modified": "2023-12-13T01:21:13.611638Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-5160",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Schneider Electric Wonderware InTouch Access Anywhere",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Schneider Electric Wonderware InTouch Access Anywhere"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer\u0027s SSL certificate properly."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Inadequate Encryption Strength"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/",
            "refsource": "MISC",
            "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
          },
          {
            "name": "97256",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97256"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:aveva:wonderware_intouch_access_anywhere:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.5.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-5160"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer\u0027s SSL certificate properly."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-326"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"
            },
            {
              "name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"
            },
            {
              "name": "97256",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97256"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-08-31T19:49Z",
      "publishedDate": "2017-04-20T20:59Z"
    }
  }
}

CVE-2017-5160 (GCVE-0-2017-5160)

Vulnerability from cvelistv5

Published

2017-04-20 19:00

Modified

2024-08-05 14:55

Severity ?

CWE

Inadequate Encryption Strength

Summary

References

URL

Tags

	http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/	x_refsource_MISC
	http://www.securityfocus.com/bid/97256	vdb-entry, x_refsource_BID
	https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Schneider Electric Wonderware InTouch Access Anywhere	Version: Schneider Electric Wonderware InTouch Access Anywhere

Show details on NVD website