Cross site request forgery (csrf)

2012-02-2113:31:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.4%

JSON

uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.

CPENameOperatorVersion
advantech_webaccessle6.0
advantech_webaccesseq5.0

CPE	Name	Operator	Version
	advantech_webaccess	le	6.0
	advantech_webaccess	eq	5.0

References

www.securityfocus.com/bid/52051

www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf