Cross site request forgery (csrf)

2017-03-2901:59:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

JSON

The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF.

CPENameOperatorVersion
ruggedcom_rox_ile2.9.0

CPE	Name	Operator	Version
	ruggedcom_rox_i	le	2.9.0

References

www.securityfocus.com/bid/97170

www.securitytracker.com/id/1038160

ics-cert.us-cert.gov/advisories/ICSA-17-087-01

www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf