Authentication Bypass Vulnerability in ABB IP GATEWAY
CVE-2017-7906

8.8HIGH

Key Information:

Vendor: Ics-cert
Status: Abb Ip Gateway
Vendor: CVE Published:; 5 June 2018

What is CVE-2017-7906?

The ABB IP GATEWAY, up to version 3.39, has a vulnerability where the web server does not properly ensure that requests are made by authenticated users. This oversight can potentially allow attackers to impersonate legitimate users and execute unauthorized commands, leading to unauthorized access or manipulation of sensitive information.

Affected Version(s)

ABB IP GATEWAY All versions prior to version 3.39

References

http://www.securityfocus.com/bid/104388

vdb-entryx_refsource_BID

https://ics-cert.us-cert.gov/advisories/ICSA-18-156-01

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2018
Vulnerability Reserved
Apr 18, 2017

CVE-2017-7906 Data

JSON

Ics-cert

What is CVE-2017-7906?

Affected Version(s)

References

CVSS V3.1

Timeline