CVE-2017-7972

Name of the Vulnerable Software and Affected Versions Schneider Electric's PowerSCADA Anywhere version 1.0 PowerSCADA Expert versions 8.1 through 8.2 Citect Anywhere version 1.0

Description A vulnerability exists that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes.

Recommendations For PowerSCADA Anywhere version 1.0, restrict access to the application to minimize the risk of exploitation. For PowerSCADA Expert versions 8.1 through 8.2, consider disabling remote access to PowerSCADA Anywhere until a fix is available. For Citect Anywhere version 1.0, avoid using the application for remote access until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.