PT-2017-18036 · Schneider Electric · Powerscada Anywhere+2
Published
2017-09-25
·
Updated
2019-10-03
·
CVE-2017-7970
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Schneider Electric PowerSCADA Anywhere version 1.0
Schneider Electric PowerSCADA Expert versions 8.1 through 8.2
Citect Anywhere version 1.0
Description
A vulnerability exists that allows the ability to specify arbitrary server target nodes in connection requests to the Secure Gateway and Server components.
Recommendations
For PowerSCADA Anywhere version 1.0, restrict access to the Secure Gateway and Server components to minimize the risk of exploitation.
For PowerSCADA Expert versions 8.1 through 8.2, consider disabling the connection request feature to the Secure Gateway and Server components until a patch is available.
For Citect Anywhere version 1.0, avoid using the arbitrary server target node specification in connection requests until the issue is resolved.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Citect Anywhere
Powerscada Anywhere
Powerscada Expert