VYPR

Wonderware InTouch Access Anywhere

by Schneider Electric

CVEs (4)

  • CVE-2017-5158CriApr 20, 2017
    risk 0.64cvss 9.8epss 0.02

    An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.

  • CVE-2017-5156HigApr 20, 2017
    risk 0.57cvss 8.8epss 0.01

    A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the…

  • CVE-2017-5160MedApr 20, 2017
    risk 0.34cvss 5.3epss 0.01

    An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.

  • CVE-2014-9190Jan 10, 2015
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.