GCVE - cpe:2.3:a:aveva:wonderware_intouch_access

Approved changes feed: RSS · Atom

cpe:2.3:a:aveva:wonderware_intouch_access_anywhere:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Aveva (`419325dd-398d-5d8e-98c9-e41c800a541d`)
Product	Wonderware Intouch Access Anywhere (`375f43e2-c978-55b9-860f-5bfb8b4f06ad`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-5160`	vulnerable	2026-06-03 14:37:18.576182	Details available An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly. Published: 2017-04-20T19:00:00.000Z Updated: 2024-08-05T14:55:35.401Z Open on db.gcve.eu Reference links http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/ http://www.securityfocus.com/bid/97256 https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-5158`	vulnerable	2026-06-03 14:37:18.573093	Details available An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified. Published: 2017-04-20T19:00:00.000Z Updated: 2024-08-05T14:55:35.144Z Open on db.gcve.eu Reference links http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/ http://www.securityfocus.com/bid/97256 https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-5156`	vulnerable	2026-06-03 14:37:18.569090	Details available A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user. Published: 2017-04-20T19:00:00.000Z Updated: 2024-08-05T14:55:34.857Z Open on db.gcve.eu Reference links http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/ http://www.securityfocus.com/bid/97256 https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Wonderware Intouch Access Anywhere

PURL mappings

Vulnerability references

Contribute