
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user.

• http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114
• http://www.securityfocus.com/bid/97256
• https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.

• http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114
• http://www.securityfocus.com/bid/97256
• https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01
• CWE-326: Inadequate Encryption Strength

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.

• http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114
• http://www.securityfocus.com/bid/97256
• https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor