Cross-site Request Forgery Vulnerability in Schneider Electric PLC Modules
CVE-2013-0663

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Modicon Quantum Plc
Vendor: CVE Published:; 4 April 2013

Summary

A Cross-site Request Forgery (CSRF) vulnerability exists in specific Schneider Electric PLC modules, allowing attackers to hijack user authentication. This could lead to unauthorized execution of commands on the affected devices, compromising their security and functionality. In particular, the vulnerability can be exploited through manipulation of HTTP requests, posing a serious risk to industrial control systems.

References

https://www.exploit-db.com/exploits/44678/

exploitx_refsource_EXPLOIT-DB

http://www.schneider-electric.com/download/ww/en/details/...

x_refsource_CONFIRM

http://www.schneider-electric.com/download/ww/en/file/365...

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 4, 2013
Vulnerability Reserved
Dec 19, 2012