CVE-2017-7920

Опубликовано: 07 авг. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating.

Ссылки

http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch
Vendor Advisory
http://www.securityfocus.com/bid/99558
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03
Third Party Advisory
US Government Resource
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch
Vendor Advisory
http://www.securityfocus.com/bid/99558
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:abb:vsn300_firmware:*:*:*:*:*:*:*:*

Версия до 1.8.15 (включая)

cpe:2.3:h:abb:vsn300:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:abb:vsn300_for_react_firmware:2.1.3:*:*:*:*:*:*:*

cpe:2.3:h:abb:vsn300_for_react:-:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01403

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-wwfh-wcfq-86q2