CVE-2017-7906

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
8.8HIGH
EPSS
0.2%
top 59.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ABB IP Gateway FirmwareIcs-cert ABB IP Gateway
Timeline
PublishedJun 6
Latest updateMay 13

Description

In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5ics-cert/abb_ip_gatewayAll versions prior to version 3.39

🔴Vulnerability Details

2
GHSA
GHSA-w75p-6p9x-896h: In ABB IP GATEWAY 32022-05-13
CVEList
CVE-2017-7906: In ABB IP GATEWAY 32018-06-06
CVE-2017-7906 (HIGH CVSS 8.8) | In ABB IP GATEWAY 3.39 and prior | cvebase.io