PT-2017-17986 · Advantech · Advantech B+B Smartworx Mesr901

Maxim Rupp

Published

2017-05-06

Updated

2019-10-09

CVE-2017-7909

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior

Description A Use of Client-Side Authentication issue was discovered in the web interface, which uses JavaScript to check client authentication and redirect unauthorized users. This allows attackers to intercept requests and bypass authentication, accessing restricted web pages.

Recommendations For Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior, consider disabling JavaScript authentication in the web interface as a temporary workaround until a patch is available. Restrict access to restricted web pages to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-603CWE-287

Related Identifiers

CVE-2017-7909

Affected Products

Advantech B+B Smartworx Mesr901

PT-2017-17986 · Advantech · Advantech B+B Smartworx Mesr901

CVE-2017-7909

Weakness Enumeration

Related Identifiers

Affected Products

References · 4