Vulnerability Description
A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Abb | Vsn300 Firmware | <= 1.8.15 |
| Abb | Vsn300 | - |
| Abb | Vsn300 For React Firmware | 2.1.3 |
| Abb | Vsn300 For React | - |
Related Weaknesses (CWE)
References
- http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCVendor Advisory
- http://www.securityfocus.com/bid/99558Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03Third Party AdvisoryUS Government Resource
- http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCVendor Advisory
- http://www.securityfocus.com/bid/99558Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-7916?
CVE-2017-7916 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web ap...
How severe is CVE-2017-7916?
CVE-2017-7916 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7916?
Check the references section above for vendor advisories and patch information. Affected products include: Abb Vsn300 Firmware, Abb Vsn300, Abb Vsn300 For React Firmware, Abb Vsn300 For React.