CVE-2017-7969: CSRF
First published: Mon Sep 25 2017(Updated: )
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Powerscada Anywhere | =1.0 | |
| Schneider-electric Powerscada Expert | =8.1 | |
| Schneider-electric Powerscada Expert | =8.2 | |
| Schneider-electric Citect Anywhere | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric powerscada anywhere
- version/schneider-electric powerscada anywhere/1.0
- canonical/schneider-electric powerscada expert
- version/schneider-electric powerscada expert/8.1
- version/schneider-electric powerscada expert/8.2
- canonical/schneider-electric citect anywhere
- version/schneider-electric citect anywhere/1.0