CVE-2017-7972

3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 67.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric SE Citect Anywhere Schneider Electric SE Powerscada Anywhere Schneider-electric Citect Anywhere +1 more

Timeline

PublishedSep 26

Latest updateMay 13

Description

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages4 packages

▶NVDschneider-electric/powerscada_anywhere1.0

▶CVEListV5schneider_electric_se/powerscada_anywhereVersion 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2

▶NVDschneider-electric/citect_anywhere1.0

▶CVEListV5schneider_electric_se/citect_anywhereversion 1.0

Patches

Patch: www.schneider-electric.com ↗Patch: www.citect.schneider-electric.com ↗Patch: www.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-jrq2-q27p-rp6q: A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1↗2022-05-13

▶

CVEList

CVE-2017-7972: A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1↗2017-09-25

▶