CVE-2017-7920

EPSS 2.7%CWE-287

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 2.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

07 ago 2017Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating.

Productos afectados

n/a · ABB VSN300 WiFi Logger Card

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03 http://www.securityfocus.com/bid/99558