Vulnerability Details : CVE-2017-7916
A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted.
Products affected by CVE-2017-7916
- cpe:2.3:o:abb:vsn300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:vsn300_for_react_firmware:2.1.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-7916
0.11%: Probability of exploitation activity in the next 30 days
~ 43%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-7916
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2017-7916
- Assigned by: ics-cert@hq.dhs.gov (Secondary)
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-7916
- http://www.securityfocus.com/bid/99558
  ABB VSN300 WiFi Logger Card Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)
- http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch
  Vendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03
  ABB VSN300 WiFi Logger Card | CISA (Third Party Advisory; US Government Resource)