Vulnerability Name: | CVE-2017-7916 (CCN-128333) | ||||||||||||
Assigned: | 2017-07-11 | ||||||||||||
Published: | 2017-07-11 | ||||||||||||
Updated: | 2019-10-09 | ||||||||||||
Summary: | A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted. | ||||||||||||
CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
| ||||||||||||
Vulnerability Type: | CWE-269 | ||||||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2017-7916 Source: CCN Type: ABB Web site ABB Group - Leading digital technologies for industry Source: MISC Type: Vendor Advisory http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch Source: BID Type: Third Party Advisory, VDB Entry 99558 Source: CCN Type: BID-99558 ABB VSN300 WiFi Logger Card Multiple Security Vulnerabilities Source: XF Type: UNKNOWN abb-cve20177916-priv-esc(128333) Source: CCN Type: ICSA-17-192-03 ABB VSN300 WiFi Logger Card Source: MISC Type: Third Party Advisory, US Government Resource https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Denotes that component is vulnerable | ||||||||||||
BACK |