// For flags

CVE-2017-5160

 

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.

Se ha descubierto un problema Inadequate Encryption Strength en Schneider Electric Wonderware InTouch Access Anywhere, versión 11.5.2 y en versiones anteriores. El software se conectará a través de Transport Layer Security sin verificar correctamente el certificado SSL de los pares.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-01-03 CVE Reserved
  • 2017-04-20 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-326: Inadequate Encryption Strength
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Aveva
Search vendor "Aveva"
Wonderware Intouch Access Anywhere
Search vendor "Aveva" for product "Wonderware Intouch Access Anywhere"
<= 11.5.2
Search vendor "Aveva" for product "Wonderware Intouch Access Anywhere" and version " <= 11.5.2"
-
Affected