Schneider Electric PowerSCADA Anywhere 1.0 Secure Gateway cross-site request forgery

entryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as problematic, has been found in Schneider Electric PowerSCADA Anywhere 1.0 (SCADA Software). Affected by this issue is an unknown part of the component Secure Gateway. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field09/26/2017 03:13 PM11/19/2019 05:04 PM01/14/2021 01:27 PM
typeSCADA SoftwareSCADA SoftwareSCADA Software
vendorSchneider ElectricSchneider ElectricSchneider Electric
namePowerSCADA AnywherePowerSCADA AnywherePowerSCADA Anywhere
version1.01.01.0
componentSecure GatewaySecure GatewaySecure Gateway
cwe352 (cross site request forgery)352 (cross site request forgery)352 (cross site request forgery)
risk111
cvss2_vuldb_basescore4.34.34.3
cvss2_vuldb_tempscore4.34.34.3
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_nvd_avNNN
cvss2_nvd_acMMM
cvss2_nvd_auNNN
cvss2_nvd_ciPPP
cvss2_nvd_iiPPP
cvss2_nvd_aiPPP
cvss3_meta_basescore6.56.56.5
cvss3_meta_tempscore6.56.56.5
cvss3_vuldb_basescore4.34.34.3
cvss3_vuldb_tempscore4.34.34.3
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiRRR
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
date1506384000 (09/26/2017)1506384000 (09/26/2017)1506384000 (09/26/2017)
urlhttp://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/
company_nameSchneider ElectricSchneider ElectricSchneider Electric
price_0day$0-$5k$0-$5k$0-$5k
cveCVE-2017-7969CVE-2017-7969CVE-2017-7969
cve_assigned149256000014925600001492560000
cve_nvd_published150629760015062976001506297600
cve_nvd_summaryA cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.
securityfocus999139991399913
securityfocus_date1500508800 (07/20/2017)1500508800 (07/20/2017)1500508800 (07/20/2017)
securityfocus_classUnknownUnknownUnknown
securityfocus_titleSchneider Electric PowerSCADA Anywhere and Citect Anywhere Multiple Security VulnerabilitiesSchneider Electric PowerSCADA Anywhere and Citect Anywhere Multiple Security VulnerabilitiesSchneider Electric PowerSCADA Anywhere and Citect Anywhere Multiple Security Vulnerabilities
seealso107139 107140 107141 113181107139 107140 107141 113181107139 107140 107141 113181
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
0day_days676767
cvss3_nvd_basescore8.88.88.8
discoverydate15005088001500508800
confirm_urlhttp://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/
person_nameSchneider Electric
cvss2_nvd_basescore6.8

Do you want to use VulDB in your project?

Use the official API to access entries easily!