CSRF Vulnerability in Softing AG OPC Toolbox Allows Password Reset

CVE-2021-29660 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.
