SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-286374165] Schneider Electric Wonderware InTouch Access Anywhere

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-03-30OtherSchneider ElectricRuslan Habalov and Jan Bee of the Google ISA Assessments Team identified these vulnerabilities.N/ACVE-2017-5156 CVE-2017-5158 CVE-2017-5160 N/AN/AN/A

Source

						
							
								
#
# Schneider Electric Wonderware InTouch Access Anywhere
#


### VULNERABLE VENDOR
Schneider Electric


### VULNERABLE PRODUCT
Wonderware InTouch Access Anywhere



### RESEARCHER
Ruslan Habalov and Jan Bee of the Google ISA Assessments Team identified these vulnerabilities.



### AFFECTED PRODUCTS

The following Wonderware InTouch Access Anywhere versions are affected:

Wonderware InTouch Access Anywhere, version 11.5.2 and prior.



### IMPACT

Successful exploitation of these vulnerabilities could allow an attacker to perform actions on behalf of a legitimate user, perform network reconnaissance, and gain access to resources beyond those intended with normal operation of the product.



### VULNERABILITY OVERVIEW

CROSS-SITE REQUEST FORGERY CWE-352
The client request may be forged from a different site.
This will allow an external site to access internal RDP systems on behalf of the currently logged in user.
CVE-2017-5156 has been assigned to this vulnerability.
A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)


INFORMATION EXPOSURE CWE-200
Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
CVE-2017-5158 has been assigned to this vulnerability.
A CVSS v3 base score of 6.5 has been calculated by Schneider Electric; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)


INADEQUATE ENCRYPTION STRENGTH CWE-326
The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.
CVE-2017-5160 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)





### BACKGROUND

Critical Infrastructure Sectors: Critical Manufacturing, Energy, Healthcare and Public Health, and Water and Wastewater Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Paris, France




### MITIGATION

Schneider Electric has released a new software version to address the identified vulnerabilities and recommends that users of affected versions upgrade to Wonderware InTouch Access Anywhere 2017 (17.0.0).

Users of Wonderware InTouch Access Anywhere can login at the following support site to download the upgrade:

https://gcsresource.invensys.com/tracking/ConfirmDownload.aspx?id=22401


Schneider Electric has issued Security Bulletin LFSEC00000114, which contains additional information:

http://software.schneider-electric.com/support/cyber-security-updates/