CVE-2017-5156

Summary

A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user.

Affected Software

VendorProductVersion RangeStatus
n/aSchneider Electric Wonderware InTouch Access AnywhereSchneider Electric Wonderware InTouch Access Anywhereaffected

Weaknesses

  • Cross-Site Request Forgery

ADP Enrichment

CVE Program Container

Additional References

References