CVE-2017-5158: Infoleak
First published: Thu Apr 20 2017(Updated: )
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AVEVA InTouch | <=11.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-5158?
CVE-2017-5158 is rated as a medium severity issue due to potential information exposure risks.
How do I fix CVE-2017-5158?
To fix CVE-2017-5158, update your Schneider Electric Wonderware InTouch Access Anywhere software to version 11.5.3 or later.
What types of data are exposed in CVE-2017-5158?
CVE-2017-5158 may expose user credentials through specific URL parameters.
Which versions of Wonderware are affected by CVE-2017-5158?
CVE-2017-5158 affects Schneider Electric Wonderware InTouch Access Anywhere versions 11.5.2 and prior.
What is the impact of CVE-2017-5158?
The impact of CVE-2017-5158 includes unauthorized access to user credentials, potentially compromising security.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/aveva
- canonical/aveva intouch
- version/aveva intouch/11.5.2