Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Aveva Subscribe
Filtered by product Wonderware Intouch Access Anywhere
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5156 1 Aveva 1 Wonderware Intouch Access Anywhere 2021-09-09 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user.
CVE-2017-5158 1 Aveva 1 Wonderware Intouch Access Anywhere 2021-09-09 5.0 MEDIUM 9.8 CRITICAL
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
CVE-2017-5160 1 Aveva 1 Wonderware Intouch Access Anywhere 2021-08-31 3.5 LOW 5.3 MEDIUM
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.