Vulnerability CVE-2017-9968


Published: 2018-02-12   Modified: 2018-02-13

Description:
A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.

 References:
https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/

Copyright 2018, cxsecurity.com

 

Back to Top