SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-694414786] Geovap Reliance SCADA

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-11-30OtherGeovapCan Demirel of Biznet Bilisim reported the vulnerability to ICS-CERT.N/ACVE-2017-1672 N/AN/AN/A

Source

						
							
								
#
# Geovap Reliance SCADA
#


### VULNERABLE VENDOR
Geovap


### VULNERABLE PRODUCT
Reliance SCADA 


### RESEARCHER
Can Demirel of Biznet Bilisim reported the vulnerability to ICS-CERT.


### AFFECTED PRODUCTS
The following versions of Reliance SCADA, a software management platform, are affected:

Reliance SCADA Version 4.7.3 Update 2 and prior


### IMPACT
Successful exploitation of this vulnerability could allow an unauthenticated attacker to inject arbitrary JavaScript in a specially crafted URL request that may allow for read/write access.


### VULNERABILITY OVERVIEW
IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
This vulnerability could allow an unauthenticated attacker to inject arbitrary code.
CVE-2017-16721 has been assigned to this vulnerability.
A CVSS v3 base score of 6.1 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)





### BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Transportation Systems, and Water and Wastewater Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Czech Republic




### MITIGATION

Geovap has released Version 4.7.3 Update 3 of the software which can be found at:

https://www.reliance-scada.com/en/download