Schneider Electric IGSS Mobile

CVSS v3 6.4 ATTENTION: Locally exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: IGSS Mobile Vulnerabilities: Improper Certificate Validation, Plaintext Storage of a Password AFFECTED PRODUCTS Schneider Electric reports that the vulnerabilities affect the following IGS...

CVE-2017-9968

IGSS Mobile (Schneider Electric) affected: Android and iOS apps version 3.01 and earlier. Root cause: missing certificate pinning during TLS/SSL handshake, enabling potential MITM risks. Public-facing impact: credential exposure risk and MITM possibility as described in ICSA-18-046-03; CVSS v3 ba...