PT-2017-18003 · Schweitzer Engineering Laboratories · Sel-3622+1
Published
2017-08-07
·
Updated
2019-10-09
·
CVE-2017-7928
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway versions R202, R203, R203-V1, R203-V2, R204, R204-V1
Description
An issue with improper access control was found, which may allow unauthorized communications to downstream devices due to the device not properly enforcing access control while configured for NAT port forwarding.
Recommendations
For versions R202, R203, R203-V1, R203-V2, R204, R204-V1, consider restricting NAT port forwarding configurations to minimize the risk of exploitation until a proper fix is applied.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sel-3620
Sel-3622