High severity8.8NVD Advisory· Published Apr 2, 2021· Updated Jun 17, 2026
CVE-2021-29660
CVE-2021-29660
Description
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.
Affected products
2- Softing AG/OPC Toolboxdescription
- Range: <=4.10.1.13035
Patches
Vulnerability mechanics
References
1- www.gruppotim.it/redteamnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.