Schneider Electric IGSS Mobile Application TLS/SSL Certificate Pinning Bypass Vulnerability

Schneider Electric IGSS Mobile Application TLS/SSL Certificate Pinning Bypass Vulnerability

CVE-2017-9968 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.

Learn more about our Mobile App Penetration Testing.