CVE-2017-7971
medium
CVSS v3
6.5
CVSS v2
4.0
VIR risk
6.5
Description
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 (redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2) and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of the peer SSL certificate.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cybersecurity@se.com — https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere
Vendor advisory: cybersecurity@se.com — http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| schneider-electric | powerscada_anywhere | 1.0 | |
| schneider-electric | powerscada_expert | 8.1 | |
| schneider-electric | powerscada_expert | 8.2 | |
| schneider-electric | citect_anywhere | 1.0 | |
References
- http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/
- http://www.securityfocus.com/bid/99913
- https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere
CWEs
CWE-295