CVE-2017-5158

Name of the Vulnerable Software and Affected Versions Schneider Electric Wonderware InTouch Access Anywhere versions prior to 11.5.2

Description An Information Exposure issue allows credentials to be exposed to external systems via specific URL parameters. This is possible because arbitrary destination addresses may be specified, potentially leading to unauthorized access.

Recommendations For versions prior to 11.5.2, update to a version newer than 11.5.2 to resolve the issue. As a temporary workaround, consider restricting access to sensitive URL parameters to minimize the risk of exploitation.