Main Vulnerability Database Vulnerabilities #VU38198

Improper Certificate Validation in Citect Anywhere - CVE-2017-7971

Published: September 26, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38198

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-7971

CWE-ID: CWE-295

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Schneider Electric

Affected software:
Citect Anywhere

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate.

How to mitigate CVE-2017-7971

Install update from vendor's website.

Sources

http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/
http://www.securityfocus.com/bid/99913
https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere

Improper Certificate Validation in Citect Anywhere - CVE-2017-7971

Detailed vulnerability description

How to mitigate CVE-2017-7971

Sources

Please verify you're human