CVE-2017-7972

Published Sep 26, 2017

Last updated 5 years ago

Overview

Description
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes.
Source
cybersecurity@se.com
NVD status
Analyzed

Risk scores

CVSS 3.0

Type
Primary
Base score
5.5
Impact score
3.4
Exploitability score
2.1
Vector string
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
5.2
Impact score
6.4
Exploitability score
5.1
Vector string
AV:A/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

Configurations