Permissions and Access Control Flaw in ABB VSN300 WiFi Logger Card
CVE-2017-7916

6.5MEDIUM

Key Information:

Vendor: Abb
Status: Abb Vsn300 Wifi Logger Card
Vendor: CVE Published:; 7 August 2017

What is CVE-2017-7916?

A permissions and access control issue has been identified in the ABB VSN300 WiFi Logger Card which affects versions 1.8.15 and earlier, as well as the React version 2.1.3 and prior. This flaw allows an unauthorized user to exploit the Guest account's insufficient restrictions, potentially gaining access to sensitive configuration information intended for higher-privileged users. Such access can lead to unauthorized manipulation and exposure of critical device configurations.

Affected Version(s)

ABB VSN300 WiFi Logger Card ABB VSN300 WiFi Logger Card

References

http://www.securityfocus.com/bid/99558

vdb-entryx_refsource_BID

http://search.abb.com/library/Download.aspx?DocumentID=9A...

x_refsource_MISC

https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 7, 2017
Vulnerability Reserved
Apr 18, 2017

Abb

What is CVE-2017-7916?

Affected Version(s)

References

CVSS V3.1

Timeline