CVE-2017-9969

Published: Feb 12, 2018Modified: Nov 21, 2024

6.7

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information.

Affected (2)

Products: Schneider Electric: Igss Mobile

Schneider Electric

1 product

Igss Mobile

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Igss Mobile	Up to 3.01
Schneider Electric Igss Mobile	Up to 3.01

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (6)

http://www.securityfocus.com/bid/103046

Source: cybersecurity@se.com

Third Party AdvisoryVDB EntryVendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03

Source: cybersecurity@se.com

Third Party AdvisoryUS Government Resource

https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/

Source: cybersecurity@se.com

Vendor Advisory

http://www.securityfocus.com/bid/103046

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB EntryVendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.