Details of VAR-201709-1098

ID

VAR-201709-1098

CVE

CVE-2017-7970

TITLE

Schneider Electric PowerSCADA Anywhere/Citect Anywhere Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: a79cfd48-2292-4e5d-a04d-3949ff1c8b41 // CNVD: CNVD-2017-22844

DESCRIPTION

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components. Schneider Electric's PowerSCADA Anywhere and Citect Anywhere Contains an access control vulnerability.Information may be obtained. PowerSCADA Anywhere is SCADA and power monitoring software. Citect is an industrial automation operation and monitoring software. There are information disclosure vulnerabilities in the implementation of PowerSCADA Anywhere 1.0 and Citect Anywhere 1.0. An attacker with a close network location can specify any server target node in the connection request. Schneider Electric PowerSCADA Anywhere and Citect Anywhere are prone to the following security vulnerabilities: 1. A cross-site request-forgery vulnerability 2. An information-disclosure vulnerability 3. Multiple security-bypass vulnerabilities Exploiting these issues could allow an attacker to obtain sensitive information, bypass certain security restrictions, perform unauthorized actions, or gain access to the affected system. Following products and versions are vulnerable: PowerSCADA Anywhere 1.0 redistributed with PowerSCADA Expert 8.1 and PowerSCADA Expert 8.2 Citect Anywhere 1.0

Trust: 2.61

sources: NVD: CVE-2017-7970 // JVNDB: JVNDB-2017-008373 // CNVD: CNVD-2017-22844 // BID: 99913 // IVD: a79cfd48-2292-4e5d-a04d-3949ff1c8b41

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: a79cfd48-2292-4e5d-a04d-3949ff1c8b41 // CNVD: CNVD-2017-22844

AFFECTED PRODUCTS

vendor:	schneider electric	model:	powerscada anywhere	scope:	eq	version:	1.0	Trust: 2.7
vendor:	schneider electric	model:	citect anywhere	scope:	eq	version:	1.0	Trust: 2.7
vendor:	schneider	model:	electric citect anywhere	scope:	eq	version:	1.0	Trust: 0.6
vendor:	schneider	model:	electric powerscada anywhere	scope:	eq	version:	1.0	Trust: 0.6
vendor:	schneider electric	model:	powerscada expert	scope:	eq	version:	8.2	Trust: 0.3
vendor:	schneider electric	model:	powerscada expert	scope:	eq	version:	8.1	Trust: 0.3
vendor:	powerscada anywhere	model:	-	scope:	eq	version:	1.0	Trust: 0.2
vendor:	citect anywhere	model:	-	scope:	eq	version:	1.0	Trust: 0.2

sources: IVD: a79cfd48-2292-4e5d-a04d-3949ff1c8b41 // CNVD: CNVD-2017-22844 // BID: 99913 // JVNDB: JVNDB-2017-008373 // CNNVD: CNNVD-201704-898 // NVD: CVE-2017-7970

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7970
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-7970
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-22844
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-898
value:	MEDIUM
Trust: 0.6
IVD:	a79cfd48-2292-4e5d-a04d-3949ff1c8b41
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2017-7970
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-22844
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	a79cfd48-2292-4e5d-a04d-3949ff1c8b41
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-7970
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: a79cfd48-2292-4e5d-a04d-3949ff1c8b41 // CNVD: CNVD-2017-22844 // JVNDB: JVNDB-2017-008373 // CNNVD: CNNVD-201704-898 // NVD: CVE-2017-7970

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.8

sources: JVNDB: JVNDB-2017-008373 // NVD: CVE-2017-7970

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201704-898

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-898

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008373

PATCH

title:	SEVD-2017-173-01	url:	https://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/	Trust: 0.8
title:	Security Notification - Citect Anywhere	url:	https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere	Trust: 0.8
title:	Schneider Electric PowerSCADA Anywhere/Citect Anywhere Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/100825	Trust: 0.6
title:	Schneider Electric PowerSCADA Anywhere and Citect Anywhere Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99737	Trust: 0.6

sources: CNVD: CNVD-2017-22844 // JVNDB: JVNDB-2017-008373 // CNNVD: CNNVD-201704-898

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7970	Trust: 3.5
db:	SCHNEIDER	id:	SEVD-2017-173-01	Trust: 1.9
db:	BID	id:	99913	Trust: 1.9
db:	ICS CERT	id:	ICSA-17-201-01	Trust: 0.9
db:	CNVD	id:	CNVD-2017-22844	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-898	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-008373	Trust: 0.8
db:	IVD	id:	A79CFD48-2292-4E5D-A04D-3949FF1C8B41	Trust: 0.2

sources: IVD: a79cfd48-2292-4e5d-a04d-3949ff1c8b41 // CNVD: CNVD-2017-22844 // BID: 99913 // JVNDB: JVNDB-2017-008373 // CNNVD: CNNVD-201704-898 // NVD: CVE-2017-7970

REFERENCES

url:	http://www.schneider-electric.com/en/download/document/sevd-2017-173-01/	Trust: 1.9
url:	https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere	Trust: 1.6
url:	http://www.securityfocus.com/bid/99913	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7970	Trust: 1.4
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-201-01	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7970	Trust: 0.8
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3

sources: CNVD: CNVD-2017-22844 // BID: 99913 // JVNDB: JVNDB-2017-008373 // CNNVD: CNNVD-201704-898 // NVD: CVE-2017-7970

CREDITS

Schneider Electric

Trust: 0.3

sources: BID: 99913

SOURCES

db:	IVD	id:	a79cfd48-2292-4e5d-a04d-3949ff1c8b41
db:	CNVD	id:	CNVD-2017-22844
db:	BID	id:	99913
db:	JVNDB	id:	JVNDB-2017-008373
db:	CNNVD	id:	CNNVD-201704-898
db:	NVD	id:	CVE-2017-7970

LAST UPDATE DATE

2025-04-20T23:22:11.065000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-22844	date:	2017-09-22T00:00:00
db:	BID	id:	99913	date:	2017-07-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-008373	date:	2017-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201704-898	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-7970	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	a79cfd48-2292-4e5d-a04d-3949ff1c8b41	date:	2017-08-25T00:00:00
db:	CNVD	id:	CNVD-2017-22844	date:	2017-08-25T00:00:00
db:	BID	id:	99913	date:	2017-07-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-008373	date:	2017-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201704-898	date:	2017-04-20T00:00:00
db:	NVD	id:	CVE-2017-7970	date:	2017-09-26T01:29:03.537