CVE-2017-5160

low-risk

Published 2017-04-20

An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / HIGH complexity

Affected Products (1)

Wonderware Intouch Access Anywhere

Affected Vendors

Aveva

References (6)

Vendor Advisory http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/

Third Party Advisory http://www.securityfocus.com/bid/97256

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01

Vendor Advisory http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/

Third Party Advisory http://www.securityfocus.com/bid/97256

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01

/ 100

low-risk

Severity 17/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal