CVE-2017-7928

critical

Published 2017-08-07 · Modified 2026-05-13

CVSS v3

10.0

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2

7.5

VIR risk

10.0

Description

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices.

Predictions

Exploit likelihood

98%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: ics-cert@hq.dhs.gov — https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06

References

http://www.securityfocus.com/bid/99536
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06
http://www.securityfocus.com/bid/99536
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06

CWEs

CWE-284

Verify integrity in audit chain (admin only). AS-IS.