CVE-2017-7969

Name of the Vulnerable Software and Affected Versions PowerSCADA Anywhere version 1.0 PowerSCADA Expert versions 8.1 through 8.2 Citect Anywhere version 1.0

Description A cross-site request forgery issue exists in the Secure Gateway component, allowing for multiple state-changing requests. This type of attack requires social engineering to trick a legitimate user into accessing a malicious link or site containing the CSRF attack.

Recommendations For PowerSCADA Anywhere version 1.0, update to a version that includes a fix for this issue. For PowerSCADA Expert versions 8.1 through 8.2, update to a version that includes a fix for this issue. For Citect Anywhere version 1.0, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the Secure Gateway component to minimize the risk of exploitation.