Vulnerabilities > CVE-2017-7972 - Unspecified vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW low complexity
schneider-electric
Summary
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
References
- http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/
- http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/
- http://www.securityfocus.com/bid/99913
- http://www.securityfocus.com/bid/99913
- https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere
- https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere