PT-2017-17996 · Abb · Abb Vsn300 Wifi Logger Card For React+1
Published
2017-08-07
·
Updated
2019-10-09
·
CVE-2017-7920
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ABB VSN300 WiFi Logger Card versions 1.8.15 and prior
ABB VSN300 WiFi Logger Card for React versions 2.1.3 and prior
Description
An issue with improper authentication was found, allowing a malicious user to access internal information about status and connected devices without authentication by accessing a specific URL on the web server.
Recommendations
For ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, update to a version later than 1.8.15 to resolve the issue.
For ABB VSN300 WiFi Logger Card for React versions 2.1.3 and prior, update to a version later than 2.1.3 to resolve the issue.
As a temporary workaround, consider restricting access to the web server to minimize the risk of exploitation.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Abb Vsn300 Wifi Logger Card
Abb Vsn300 Wifi Logger Card For React