CVE-2017-7916
Severity: medium
CVSS v3: 6.5
CVSS v2: 4.0
VIR risk: 6.5
Description
A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted.
Predictions
Exploit likelihood: 75%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: ics-cert@hq.dhs.gov — http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch
References
- http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch
- http://www.securityfocus.com/bid/99558
- https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03
CWEs
CWE-264 CWE-269