← Back

CVE-2017-7969

nvd nist
Published: Sep 26, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.

Affected (2)

Schneider Electric
2 products
Powerscada Anywhere
Citect Anywhere
Configuration A
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Powerscada Anywhere
Version 1.0
Running on/withPlatform Versions
Schneider Electric
Powerscada Expert
Version 8.1
Schneider Electric
Powerscada Expert
Version 8.2
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Citect Anywhere
Version 1.0

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

Source: cybersecurity@se.com
MitigationPatchVendor Advisory
Source: cybersecurity@se.com
Third Party AdvisoryVDB Entry
Source: cybersecurity@se.com
Issue TrackingMitigationPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingMitigationPatchVendor Advisory

Timeline

No history available yet.