CVE-2017-7920

EPSS 2.7%CWE-287

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 2.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

07 ago 2017Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating.

Produtos afetados

n/a · ABB VSN300 WiFi Logger Card

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03 http://www.securityfocus.com/bid/99558