CVE-2017-5160
Summary
| CVE | CVE-2017-5160 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-04-20 20:59:00 UTC |
| Updated | 2021-08-31 19:49:00 UTC |
| Description | An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly. |
Risk And Classification
Problem Types: CWE-326
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Aveva | Wonderware Intouch Access Anywhere | All | All | All | All |
| Application | Schneider Electric | Wonderware Intouch Access Anywhere 2014 | All | sp1b | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Wonderware InTouch Access Anywhere Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Schneider Electric Wonderware InTouch Access Anywhere | ICS-CERT | MISC | ics-cert.us-cert.gov | Third Party Advisory, US Government Resource |
| AVEVA - Global Leader in Industrial Software | MISC | software.schneider-electric.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.