CVE-2017-9959

A vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition.

Source: CVE-2017-9959

CVE-2017-7972

A vulnerability exists in Schneider Electric’s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes.

Source: CVE-2017-7972

CVE-2017-7970

A vulnerability exists in Schneider Electric’s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components.

Source: CVE-2017-7970

CVE-2017-7969

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric’s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.

Source: CVE-2017-7969

CVE-2017-7971

A vulnerability exists in Schneider Electric’s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate.

Source: CVE-2017-7971

CVE-2017-9960

An information disclosure vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user.

Source: CVE-2017-9960

CVE-2017-9957

A vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials.

Source: CVE-2017-9957

CVE-2017-7973

A SQL injection vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.

Source: CVE-2017-7973

CVE-2017-7974

A path traversal information disclosure vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.

Source: CVE-2017-7974

CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.

Source: CVE-2017-14737