Lucene search

Schneider Electric Wonderware Intouch Access Anywhere Security Vulnerabilities

cve

CVE-2017-5158

An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be...

9.8CVSS

9.2AI Score

0.004EPSS

2017-04-20 08:59 PM

cve

CVE-2017-5160

An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate...

5.3CVSS

5.1AI Score

0.001EPSS

2017-04-20 08:59 PM

cve

CVE-2017-5156

A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in...

8.8CVSS

8.5AI Score

0.002EPSS

2017-04-20 08:59 PM