// For flags

CVE-2017-12703

 

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server.

Se ha descubierto un problema de Cross-Site Request Forgery (CSRF) en Westermo MRD-305-DIN en versiones anteriores a la 1.7.5.0, y MRD-315, MRD-355, MRD-455 en versiones anteriores a la 1.7.5.0. La aplicación no verifica si una petición ha sido proporcionada intencionadamente por el usuario, lo que posibilita que un atacante engañe a un usuario para que realice una petición maliciosa al servidor.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-08-09 CVE Reserved
  • 2017-08-25 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (2)
URL Tag Source
http://www.securityfocus.com/bid/100470 Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Westermo
Search vendor "Westermo"
 Mrd-305-din Firmware
Search vendor "Westermo" for product "Mrd-305-din Firmware"
--
Affected
in Westermo
Search vendor "Westermo"
 Mrd-305-din
Search vendor "Westermo" for product "Mrd-305-din"
--
Safe
Westermo
Search vendor "Westermo"
 Mrd-315-din Firmware
Search vendor "Westermo" for product "Mrd-315-din Firmware"
--
Affected
in Westermo
Search vendor "Westermo"
 Mrd-315-din
Search vendor "Westermo" for product "Mrd-315-din"
--
Safe
Westermo
Search vendor "Westermo"
 Mrd-355-din Firmware
Search vendor "Westermo" for product "Mrd-355-din Firmware"
--
Affected
in Westermo
Search vendor "Westermo"
 Mrd-355-din
Search vendor "Westermo" for product "Mrd-355-din"
--
Safe
Westermo
Search vendor "Westermo"
 Mrd-455-din Firmware
Search vendor "Westermo" for product "Mrd-455-din Firmware"
--
Affected
in Westermo
Search vendor "Westermo"
 Mrd-455-din
Search vendor "Westermo" for product "Mrd-455-din"
--
Safe