Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-7916

A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted.

Published

2017-08-07T08:29:00.197

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-264
Type: Primary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	abb	vsn300_firmware	≤ 1.8.15	Yes
Hardware	abb	vsn300	-	No
Operating System	abb	vsn300_for_react_firmware	2.1.3	Yes
Hardware	abb	vsn300_for_react	-	No

References

http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/99558 Third Party Advisory, VDB Entry ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03 Third Party Advisory, US Government Resource ([email protected])
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/99558 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)