← volver
CVE-2017-7969

CVE-2017-7969

EPSS 0.6%
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
25 sep 2017Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.
Productos afectados
Schneider Electric SE · Citect AnywhereSchneider Electric SE · PowerSCADA Anywhere

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywherehttp://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/http://www.securityfocus.com/bid/99913