Vulnerabilities for Wonderware intouch access anywhere 2014 (...) - CXSECURITY.COM

Vulnerabilities for
'Wonderware intouch access anywhere 2014'

2017-04-20

CVE-2017-5160

An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.

CVE-2017-5158

An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.

CVE-2017-5156

A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user.

>>> Vendor: Schneider electric 24 Products

Modbus serial driver

Indusoft web studio

Wonderware intouch 2014

Struxureware building expert mpm

Struxureware building operations automation server as-p firmware

Struxureware building operations automation server as firmware

Telvent rtu firmware

Homelynk controller lss100100 firmware

Magelis stu small panel firmware

Magelis xbt gh advanced hand-held panel firmware

Magelis xbt gtw advanced open touchscreen panel firmware

Magelis sto5 small panel firmware

Magelis gto advanced optimum panel firmware

Magelis gtu universal panel firmware

Magelis xbt gk advanced touchscreen panel with keyboard firmware

Magelis xbt gt advanced touchscreen panel firmware

Wonderware intelligence

Tableau desktop

Wonderware intouch access anywhere 2014

Wonderware archestra logger

Modbus driver suite

Copyright 2024, cxsecurity.com