Executive Summary

Informations
NameCVE-2017-9968First vendor Publication2018-02-12
VendorCveLast vendor Modification2018-02-17

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base ScoreNot DefinedAttack RangeNot Defined
Cvss Impact ScoreNot DefinedAttack ComplexityNot Defined
Cvss Expoit ScoreNot DefinedAuthenticationNot Defined
Calculate full CVSS 2.0 Vectors scores

Detail

A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9968

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/103048
CONFIRM https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/
MISC https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2018-02-18 09:20:17
  • Multiple Updates
2018-02-16 09:20:27
  • Multiple Updates
2018-02-13 13:21:48
  • First insertion