CVE-2017-5178
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials after installation, and changing the default credentials in the embedded Tableau Server is not documented. If Tableau Server is used with Windows integrated security (Active Directory), the software is not vulnerable. However, when Tableau Server is used with local authentication mode, the software is vulnerable. The default system account could be used to gain unauthorized access.
Se ha descubierto un problema en Schneider Electric Tableau Server/Desktop Versions 7.0 a 10.1.3 en Wonderware Intelligence Versions 2014R3 y anteriores. Estas versiones contienen una cuenta de sistema que se instala por defecto. La cuenta de sistema por defecto es dificil de configurar sin credenciales por defecto tras la instalacción, y cambiar las credenciales por defecto en el Tableau Server incrustado no está documentado. Si Tableau Server se usa con la seguridad integrada de Windows (Active Directory), el software no es vulnerable. Sin embargo, cuando se utiliza Tableau Server con el modo de autenticación local, el software es vulnerable. La cuenta de sistema por defecto puede ser usada para obtener acceso no autorizado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-01-03 CVE Reserved
- 2017-03-08 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1188: Initialization of a Resource with an Insecure Default
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/96721 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-066-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000119 | 2021-06-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Tableau Desktop Search vendor "Schneider-electric" for product "Tableau Desktop" | 7.0 Search vendor "Schneider-electric" for product "Tableau Desktop" and version "7.0" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Tableau Desktop Search vendor "Schneider-electric" for product "Tableau Desktop" | 10.1.3 Search vendor "Schneider-electric" for product "Tableau Desktop" and version "10.1.3" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Tableau Server Search vendor "Schneider-electric" for product "Tableau Server" | 7.0 Search vendor "Schneider-electric" for product "Tableau Server" and version "7.0" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Tableau Server Search vendor "Schneider-electric" for product "Tableau Server" | 10.1.3 Search vendor "Schneider-electric" for product "Tableau Server" and version "10.1.3" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Wonderware Intelligence Search vendor "Schneider-electric" for product "Wonderware Intelligence" | <= 2014 Search vendor "Schneider-electric" for product "Wonderware Intelligence" and version " <= 2014" | r3 |
Affected
| ||||||