Описание
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 11.5.2 (включая)
cpe:2.3:a:aveva:wonderware_intouch_access_anywhere:*:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01017
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
EPSS
Процентиль: 77%
0.01017
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200