CVE-2017-9963

Name of the Vulnerable Software and Affected Versions PowerSCADA Anywhere version 1.0 PowerSCADA Expert versions 8.1 through 8.2 Citect Anywhere version 1.0

Description A cross-site request forgery issue exists in the Secure Gateway component, allowing for multiple state-changing requests. This type of attack requires social engineering to trick a legitimate user into accessing a malicious link or site containing the CSRF attack.

Recommendations For PowerSCADA Anywhere version 1.0, update the Secure Gateway component to prevent cross-site request forgery attacks. For PowerSCADA Expert versions 8.1 through 8.2, ensure the Secure Gateway component is updated to mitigate the risk of CSRF attacks. For Citect Anywhere version 1.0, consider restricting access to the Secure Gateway component until a fix is available.