10 matches found
Schneider Electric IGSS Mobile
CVSS v3 6.4 ATTENTION: Locally exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: IGSS Mobile Vulnerabilities: Improper Certificate Validation, Plaintext Storage of a Password AFFECTED PRODUCTS Schneider Electric reports that the vulnerabilities affect the following IGS...
Security feature bypass
A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack...
CVE-2017-9968
A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack...
Information disclosure
An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information...
CVE-2017-9969
An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information...
CVE-2017-9969
An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information...
CVE-2017-9968
A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack...
CVE-2017-9968
IGSS Mobile (Schneider Electric) affected: Android and iOS apps version 3.01 and earlier. Root cause: missing certificate pinning during TLS/SSL handshake, enabling potential MITM risks. Public-facing impact: credential exposure risk and MITM possibility as described in ICSA-18-046-03; CVSS v3 ba...
CVE-2017-9969
The CVE-2017-9969 entry affects Schneider Electric IGSS Mobile (Android/iOS) up to version 3.01 and earlier. The root cause is plaintext storage of passwords in the app configuration, enabling exposure of sensitive credentials and potential information disclosure. The ICSA advisory notes CVSS v3 ...
CVE-2017-9969
An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information...