CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-14011

A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unauthorized code, resulting in changes to the configuration of the device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.2%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

http://www.securityfocus.com/bid/101259
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01
http://www.securityfocus.com/bid/101259
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01

Products affected by CVE-2017-14011

Prominent » Multiflex M10a Controller » Version: N/A

cpe:2.3:h:prominent:multiflex_m10a_controller:-
Prominent » Multiflex M10a Controller Firmware » Version: N/A

cpe:2.3:o:prominent:multiflex_m10a_controller_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-14011

Products

Pricing

Contact Us