CVE-2017-7920

Name of the Vulnerable Software and Affected Versions ABB VSN300 WiFi Logger Card versions 1.8.15 and prior ABB VSN300 WiFi Logger Card for React versions 2.1.3 and prior

Description An issue with improper authentication was found, allowing a malicious user to access internal information about status and connected devices without authentication by accessing a specific URL on the web server.

Recommendations For ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, update to a version later than 1.8.15 to resolve the issue. For ABB VSN300 WiFi Logger Card for React versions 2.1.3 and prior, update to a version later than 2.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the web server to minimize the risk of exploitation.