Schneider Electric PowerSCADA Anywhere 1.0 Secure Gateway cross-site request forgery

entryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as problematic, has been found in Schneider Electric PowerSCADA Anywhere 1.0 (SCADA Software). Affected by this issue is an unknown part of the component Secure Gateway. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1082001801/14/2021VulD...cvss2_nvd_basescore6.8nist.gov01/14/2021accepted90
1082001701/14/2021VulD...person_nameSchneider Electricsecurityfocus.com01/14/2021accepted70
713981411/19/2019VulD...confirm_urlhttp://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/schneider-electric.com11/19/2019accepted100
713977411/19/2019VulD...discoverydate150050880011/19/2019accepted100
713983309/26/2017VulD...cvss3_nvd_basescore8.8nist.gov09/26/2017accepted90
713983209/26/2017VulD...0day_days6709/26/2017accepted90
713983109/26/2017VulD...cvss3_vuldb_rcX09/26/2017accepted90
713983009/26/2017VulD...cvss3_vuldb_rlX09/26/2017accepted90
713982909/26/2017VulD...cvss3_vuldb_eX09/26/2017accepted90
713982809/26/2017VulD...cvss2_vuldb_rcND09/26/2017accepted90
713982709/26/2017VulD...cvss2_vuldb_rlND09/26/2017accepted90
713982609/26/2017VulD...cvss2_vuldb_eND09/26/2017accepted90
713982509/26/2017VulD...locationWebsite09/26/2017accepted90
713982409/26/2017VulD...seealso107139 107140 107141 11318109/26/2017accepted100
713982309/26/2017VulD...securityfocus_titleSchneider Electric PowerSCADA Anywhere and Citect Anywhere Multiple Security Vulnerabilitiessecurityfocus.com09/26/2017accepted100
713982209/26/2017VulD...securityfocus_classUnknownsecurityfocus.com09/26/2017accepted100
713982109/26/2017VulD...securityfocus_date1500508800 (07/20/2017)securityfocus.com09/26/2017accepted100
713982009/26/2017VulD...securityfocus99913securityfocus.com09/26/2017accepted100
713981909/26/2017VulD...cve_nvd_summaryA cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.mitre.org09/26/2017accepted100
713981809/26/2017VulD...cve_nvd_published1506297600mitre.org09/26/2017accepted100

Want to stay up to date on a daily basis?

Enable the mail alert feature now!