Vulnerability Description
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advantech B\+B Smartworx | Mesr901 Firmware | <= 1.5.2 |
| Advantech B\+B Smartworx | Mesr901 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98257Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/98257Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-7909?
CVE-2017-7909 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redi...
How severe is CVE-2017-7909?
CVE-2017-7909 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-7909?
Check the references section above for vendor advisories and patch information. Affected products include: Advantech B\+B Smartworx Mesr901 Firmware, Advantech B\+B Smartworx Mesr901.