CVE-2017-7970
medium
CVSS v3
6.5
CVSS v2
3.3
VIR risk
6.5
Description
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components.
Predictions
Exploit likelihood
65%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cybersecurity@se.com — https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere
Vendor advisory: cybersecurity@se.com — http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| schneider-electric | powerscada_anywhere | 1.0 | |
| schneider-electric | powerscada_expert | 8.1 | |
| schneider-electric | powerscada_expert | 8.2 | |
| schneider-electric | citect_anywhere | 1.0 | |
References
- http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/
- http://www.securityfocus.com/bid/99913
- https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere
- http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/
- http://www.securityfocus.com/bid/99913
- https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere
Verify integrity in audit chain (admin only). AS-IS.