PT-2017-17992 · Abb · Abb Vsn300 Wifi Logger Card For React+1

Publicado

2017-08-07

Atualizado

2019-10-09

CVE-2017-7916

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ABB VSN300 WiFi Logger Card versions 1.8.15 and prior ABB VSN300 WiFi Logger Card for React versions 2.1.3 and prior

Description A Permissions, Privileges, and Access Controls issue was found in the web application, where it does not properly restrict privileges of the Guest account. This could allow a malicious user to gain access to configuration information that should be restricted.

Recommendations For ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, restrict access to the Guest account until a fix is available. For ABB VSN300 WiFi Logger Card for React versions 2.1.3 and prior, limit the privileges of the Guest account to prevent unauthorized access to configuration information.

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264CWE-269

Identificadores relacionados

CVE-2017-7916

Produtos afetados

Abb Vsn300 Wifi Logger Card

Abb Vsn300 Wifi Logger Card For React

PT-2017-17992 · Abb · Abb Vsn300 Wifi Logger Card For React+1

CVE-2017-7916

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5