Main Vulnerability Database Vulnerabilities #VU8823

#VU8823 Cross-site request forgery in MultiFLEX M10a Controller - CVE-2017-14011

Published: October 13, 2017

Vulnerability identifier: #VU8823

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-14011

CWE-ID: CWE-352

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
MultiFLEX M10a Controller

Software vendor:
ProMinent

Description

The vulnerability allows a remote authenticated attacker to perform CSRF attack.

The weakness exists due to a lack of cross-site request forgery (CSRF) protection. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.

Remediation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01