CVE-2017-5160: Weak Encryption
First published: Thu Apr 20 2017(Updated: )
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AVEVA InTouch | <=11.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-5160?
CVE-2017-5160 has a medium severity rating due to its inadequate encryption strength.
How do I fix CVE-2017-5160?
To fix CVE-2017-5160, upgrade to a newer version of Schneider Electric Wonderware InTouch Access Anywhere that ensures proper SSL certificate verification.
What vulnerabilities are associated with CVE-2017-5160?
CVE-2017-5160 is associated with vulnerabilities related to insecure SSL/TLS implementations.
Which versions are affected by CVE-2017-5160?
CVE-2017-5160 affects Schneider Electric Wonderware InTouch Access Anywhere versions 11.5.2 and prior.
What type of issue is CVE-2017-5160 classified as?
CVE-2017-5160 is classified as an Inadequate Encryption Strength issue.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/aveva
- canonical/aveva intouch
- version/aveva intouch/11.5.2