CVE-2017-5158

CRITICAL

Schneider Electric Wonderware InTouch Access Anywhere < 11.5.2 - Exposure of Sensitive Information via URL Parameters

Title source: llm
STIX 2.1

Description

An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97256
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01

Scores

CVSS v3 9.8
EPSS 0.0242
EPSS Percentile 82.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-200
Status published
Products (2)
aveva/wonderware_intouch_access_anywhere < 11.5.2
n/a/Schneider Electric Wonderware InTouch Access Anywhere Schneider Electric Wonderware InTouch Access Anywhere
Published Apr 20, 2017
Tracked Since Feb 18, 2026