CVE-2017-9963

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
8.1HIGH
EPSS
0.1%
top 64.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schneider-electric Powerscada Anywhere
Timeline
PublishedFeb 12
Latest updateMay 14

Description

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-vrwh-p7px-62mr: A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v12022-05-14
CVEList
CVE-2017-9963: A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v12018-02-12
CVE-2017-9963 (HIGH CVSS 8.1) | A cross-site request forgery vulner | cvebase.io