Vulnerability Description
An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Abb | Vsn300 Firmware | <= 1.8.15 |
| Abb | Vsn300 | - |
| Abb | Vsn300 For React Firmware | 2.1.3 |
| Abb | Vsn300 For React | - |
Related Weaknesses (CWE)
References
- http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCVendor Advisory
- http://www.securityfocus.com/bid/99558Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03Third Party AdvisoryUS Government Resource
- http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCVendor Advisory
- http://www.securityfocus.com/bid/99558Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-7920?
CVE-2017-7920 is a vulnerability with a CVSS score of 7.5 (HIGH). An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific unifor...
How severe is CVE-2017-7920?
CVE-2017-7920 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7920?
Check the references section above for vendor advisories and patch information. Affected products include: Abb Vsn300 Firmware, Abb Vsn300, Abb Vsn300 For React Firmware, Abb Vsn300 For React.