CVE-2017-7970

Published: Sep 26, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components.

Affected (2)

Products: Schneider Electric: Powerscada Anywhere, Citect Anywhere

Schneider Electric

2 products

Powerscada Anywhere

Citect Anywhere

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Schneider Electric Powerscada Anywhere	Version 1.0

Running on/with	Platform Versions
Schneider Electric Powerscada Expert	Version 8.1
Schneider Electric Powerscada Expert	Version 8.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Citect Anywhere	Version 1.0

References (6)

http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/

Source: cybersecurity@se.com

MitigationPatchVendor Advisory

http://www.securityfocus.com/bid/99913

Source: cybersecurity@se.com

Third Party AdvisoryVDB Entry

https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere

Source: cybersecurity@se.com

Issue TrackingMitigationPatchVendor Advisory

http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

http://www.securityfocus.com/bid/99913

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMitigationPatchVendor Advisory

Timeline

No history available yet.