Improper Authentication in ABB VSN300 WiFi Logger Card
CVE-2017-7920

7.5HIGH

Key Information:

Vendor: Abb
Status: Abb Vsn300 Wifi Logger Card
Vendor: CVE Published:; 7 August 2017

What is CVE-2017-7920?

An improper authentication vulnerability exists in ABB's VSN300 WiFi Logger Card, affecting versions 1.8.15 and earlier, as well as the React version 2.1.3 and prior. This flaw allows an unauthorized user to access sensitive internal information about device status and connected devices by simply entering a specific URL on the device's web interface, bypassing authentication measures. This poses a significant security risk, as attackers could exploit this vulnerability to gather critical information without detection.

Affected Version(s)

ABB VSN300 WiFi Logger Card ABB VSN300 WiFi Logger Card

References

http://www.securityfocus.com/bid/99558

vdb-entryx_refsource_BID

http://search.abb.com/library/Download.aspx?DocumentID=9A...

x_refsource_MISC

https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2017
Vulnerability Reserved
Apr 18, 2017

Abb

What is CVE-2017-7920?

Affected Version(s)

References

CVSS V3.1

Timeline