PT-2017-17992 · Abb · Abb Vsn300 Wifi Logger Card For React+1

Published

2017-08-07

Updated

2019-10-09

CVE-2017-7916

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ABB VSN300 WiFi Logger Card versions 1.8.15 and prior ABB VSN300 WiFi Logger Card for React versions 2.1.3 and prior

Description A Permissions, Privileges, and Access Controls issue was found in the web application, where it does not properly restrict privileges of the Guest account. This could allow a malicious user to gain access to configuration information that should be restricted.

Recommendations For ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, restrict access to the Guest account until a fix is available. For ABB VSN300 WiFi Logger Card for React versions 2.1.3 and prior, limit the privileges of the Guest account to prevent unauthorized access to configuration information.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-269

Related Identifiers

CVE-2017-7916

Affected Products

Abb Vsn300 Wifi Logger Card

Abb Vsn300 Wifi Logger Card For React

PT-2017-17992 · Abb · Abb Vsn300 Wifi Logger Card For React+1

CVE-2017-7916

Weakness Enumeration

Related Identifiers

Affected Products

References · 5