CVE-2017-7906

Severity CVSS v4.0:
Pending analysis
Type:
CWE-352 Cross-Site Request Forgery (CSRF)
Publication date:
06/06/2018
Last modified:
09/10/2019

Description

In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:abb:ip_gateway_firmware:*:*:*:*:*:*:*:* 3.39 (including)
cpe:2.3:h:abb:ip_gateway:-:*:*:*:*:*:*:*