CVE-2017-5158

An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
avevawonderware_intouch_access_anywhere
𝑥
≤ 11.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/
http://www.securityfocus.com/bid/97256
https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/
http://www.securityfocus.com/bid/97256
https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01