CVE-2017-7920

high

Description

An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating.

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03

https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03

http://www.securityfocus.com/bid/99558

http://www.securityfocus.com/bid/99558

http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch

http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch

Details

Source: Mitre, NVD

Published: 2017-08-07

Updated: 2019-10-09

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High