CVE-2017-9968

Published: Feb 12, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.

Affected (2)

Products: Schneider Electric: Igss Mobile

Schneider Electric

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Igss Mobile	Up to 3.01
Schneider Electric Igss Mobile	Up to 3.01

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (6)

http://www.securityfocus.com/bid/103048

Source: cybersecurity@se.com

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03

Source: cybersecurity@se.com

Third Party AdvisoryUS Government Resource

https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/

Source: cybersecurity@se.com

Vendor Advisory

http://www.securityfocus.com/bid/103048

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.