CVE-2017-7971

CWE-295 — Improper Certificate Validation3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 68.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric SE Citect Anywhere Schneider Electric SE Powerscada Anywhere Schneider-electric Citect Anywhere +1 more

Timeline

PublishedSep 26

Latest updateMay 17

Description

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDschneider-electric/powerscada_anywhere1.0

▶CVEListV5schneider_electric_se/powerscada_anywhereVersion 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2

▶NVDschneider-electric/citect_anywhere1.0

▶CVEListV5schneider_electric_se/citect_anywhereversion 1.0

Patches

Patch: www.schneider-electric.com ↗Patch: www.citect.schneider-electric.com ↗Patch: www.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-8f23-48gc-8rgj: A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1↗2022-05-17

▶

CVEList

CVE-2017-7971: A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1↗2017-09-25

▶