CVE-2017-7970

Name of the Vulnerable Software and Affected Versions Schneider Electric PowerSCADA Anywhere version 1.0 Schneider Electric PowerSCADA Expert versions 8.1 through 8.2 Citect Anywhere version 1.0

Description A vulnerability exists that allows the ability to specify arbitrary server target nodes in connection requests to the Secure Gateway and Server components.

Recommendations For PowerSCADA Anywhere version 1.0, restrict access to the Secure Gateway and Server components to minimize the risk of exploitation. For PowerSCADA Expert versions 8.1 through 8.2, consider disabling the connection request feature to the Secure Gateway and Server components until a patch is available. For Citect Anywhere version 1.0, avoid using the arbitrary server target node specification in connection requests until the issue is resolved.