Cross-Site Request Forgery Vulnerability in ECOA BAS Controller Allows Remote Command Execution

Cross-Site Request Forgery Vulnerability in ECOA BAS Controller Allows Remote Command Execution

CVE-2021-41295 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system.

Learn more about our Web App Pen Testing.