CVE-2017-7969

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:schneider-electric:powerscada_anywhere:1.0:*:*:*:*:*:*:*
OR cpe:2.3:a:schneider-electric:powerscada_expert:8.2:*:*:*:*:*:*:*
cpe:2.3:a:schneider-electric:powerscada_expert:8.1:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:schneider-electric:citect_anywhere:1.0:*:*:*:*:*:*:*

Information

Published : 2017-09-25 18:29

Updated : 2017-09-29 10:09


NVD link : CVE-2017-7969

Mitre link : CVE-2017-7969


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

schneider-electric

  • powerscada_expert
  • powerscada_anywhere
  • citect_anywhere