CVE-2017-7906

Summary

In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.

Affected Software

VendorProductVersion RangeStatus
ICS-CERTABB IP GATEWAYAll versions prior to version 3.39affected

Weaknesses

  • CWE-352: CROSS-SITE REQUEST FORGERY CWE-352

ADP Enrichment

CVE Program Container

Additional References

References