CVE-2017-7970

3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 68.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Schneider Electric SE Citect AnywhereSchneider Electric SE Powerscada AnywhereSchneider-electric Citect Anywhere+1 more
Timeline
PublishedSep 26
Latest updateMay 13

Description

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5schneider_electric_se/powerscada_anywhereVersion 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2

Patches

Patch: www.schneider-electric.comPatch: www.citect.schneider-electric.comPatch: www.schneider-electric.com

🔴Vulnerability Details

2
GHSA
GHSA-mgw3-q3cc-425w: A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v12022-05-13
CVEList
CVE-2017-7970: A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v12017-09-25
CVE-2017-7970 (MEDIUM CVSS 6.5) | A vulnerability exists in Schneider | cvebase.io