Web Server Configuration Exposure in ABB IP GATEWAY
CVE-2017-7931

9.8CRITICAL

Key Information:

Vendor: Ics-cert
Status: Abb Ip Gateway
Vendor: CVE Published:; 6 June 2018

What is CVE-2017-7931?

In ABB IP GATEWAY versions 3.39 and earlier, a security flaw allows unauthenticated users to access sensitive configuration files and application pages by requesting a specific URL on the web server. This exposure could lead to unauthorized access and potential manipulation of the device's settings, making it vulnerable to further attacks.

Affected Version(s)

ABB IP GATEWAY All versions prior to version 3.39

References

http://www.securityfocus.com/bid/104388

vdb-entryx_refsource_BID

https://ics-cert.us-cert.gov/advisories/ICSA-18-156-01

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2018
Vulnerability Reserved
Apr 18, 2017

CVE-2017-7931 Data

JSON

Ics-cert

What is CVE-2017-7931?

Affected Version(s)

References

CVSS V3.1

Timeline