{"api_version":"1","generated_at":"2026-04-22T23:07:54+00:00","cve":"CVE-2017-5160","urls":{"html":"https://cve.report/CVE-2017-5160","api":"https://cve.report/api/cve/CVE-2017-5160.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-5160","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-5160"},"summary":{"title":"CVE-2017-5160","description":"An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2017-04-20 20:59:00","updated_at":"2021-08-31 19:49:00"},"problem_types":["CWE-326"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/97256","name":"97256","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Wonderware InTouch Access Anywhere Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01","name":"https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Schneider Electric Wonderware InTouch Access Anywhere | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/","name":"http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/","refsource":"MISC","tags":["Vendor Advisory"],"title":"AVEVA - Global Leader in Industrial Software","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-5160","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5160","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"5160","vulnerable":"1","versionEndIncluding":"11.5.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"aveva","cpe5":"wonderware_intouch_access_anywhere","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5160","vulnerable":"1","versionEndIncluding":"11.5.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"schneider_electric","cpe5":"wonderware_intouch_access_anywhere_2014","cpe6":"*","cpe7":"sp1b","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2017-5160","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Schneider Electric Wonderware InTouch Access Anywhere","version":{"version_data":[{"version_value":"Schneider Electric Wonderware InTouch Access Anywhere"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Inadequate Encryption Strength"}]}]},"references":{"reference_data":[{"name":"http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/","refsource":"MISC","url":"http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/"},{"name":"97256","refsource":"BID","url":"http://www.securityfocus.com/bid/97256"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01"}]}},"nvd":{"publishedDate":"2017-04-20 20:59:00","lastModifiedDate":"2021-08-31 19:49:00","problem_types":["CWE-326"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.6,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:aveva:wonderware_intouch_access_anywhere:*:*:*:*:*:*:*:*","versionEndIncluding":"11.5.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"5160","Ordinal":"101660","Title":"CVE-2017-5160","CVE":"CVE-2017-5160","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"5160","Ordinal":"1","NoteData":"An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"5160","Ordinal":"2","NoteData":"2017-04-20","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"5160","Ordinal":"3","NoteData":"2017-04-21","Type":"Other","Title":"Modified"}]}}}