CVE-2017-9968

Опубликовано: 12 фев. 2018

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.

Ссылки

http://www.securityfocus.com/bid/103048
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03
Third Party Advisory
US Government Resource
https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/
Vendor Advisory
http://www.securityfocus.com/bid/103048
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03
Third Party Advisory
US Government Resource
https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:schneider-electric:igss_mobile:*:*:*:*:*:android:*:*

Версия до 3.01 (включая)

cpe:2.3:a:schneider-electric:igss_mobile:*:*:*:*:*:iphone_os:*:*

Версия до 3.01 (включая)

EPSS

Процентиль: 38%

0.00162

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-w8xw-59hx-9h9r