漏洞标题
N/A
漏洞描述信息
在Schneider Electric Wonderware InTouch Access Anywhere 11.5.2 和更早版本中发现了一个跨站点请求伪造问题。客户端请求可能会被从另一个站点伪造。这将允许外部站点代表当前登录的用户访问内部RDP系统。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Schneider Electric Wonderware InTouch Access Anywhere 跨站请求伪造漏洞
漏洞描述信息
Schneider Electric Wonderware InTouch是法国施耐德电气(Schneider Electric)公司的一套开放的、可扩展的HMI和SCADA监控解决方案,它可创建标准化的、可重复使用的可视化应用程序。Schneider Electric Wonderware InTouch Access Anywhere Server是一款可通过Web浏览器访问InTouch应用程序的产品。 Schneider Electric Wonderware InTouch Access Any
CVSS信息
N/A
漏洞类别
跨站请求伪造