Cross-Site Request Forgery Vulnerability in Schneider Electric's PowerSCADA Anywhere
CVE-2017-9963

8.1HIGH

Key Information:

Vendor: Schneider Electric
Status: Powerscada Anywhere
Vendor: CVE Published:; 12 February 2018

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2017-9963?

A cross-site request forgery vulnerability exists in the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere. This vulnerability allows attackers to exploit legitimate user interactions to perform unauthorized state-changing actions. To execute this attack, the attacker often employs social engineering techniques, tricking users into clicking on malicious links or accessing compromised sites, which could lead to significant security breaches.

References

https://www.citect.schneider-electric.com/safety-and-secu...

x_refsource_MISC

http://www.schneider-electric.com/en/download/document/SE...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2018
Vulnerability Reserved
Jun 26, 2017