cnvd - cnvd-2017-17218

cnvd-2017-17218

Vulnerability from cnvd

Title

ABB VSN300 WiFi Logger Card和VSN300 WiFi Logger Card for React权限访问控制漏洞

Description

ABB VSN300 WiFi Logger Card和VSN300 WiFi Logger Card for React都是瑞士Asea Brown Boveri（ABB）公司的无线数据记录卡产品。 ABB VSN300 WiFi Logger Card和VSN300 WiFi Logger Card for React中存在安全漏洞，该漏洞源于程序未能正确的限制‘Guest’账户的权限。攻击者可利用该漏洞获取配置文件的访问权限。

Severity

高

Patch Name

ABB VSN300 WiFi Logger Card和VSN300 WiFi Logger Card for React权限访问控制漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://new.abb.com/

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03

Impacted products

Name
['ABB VSN300 WiFi Logger Card <=1.8.15', 'ABB VSN300 WiFi Logger Card for React <=2.1.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7916",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7916"
    }
  },
  "description": "ABB VSN300 WiFi Logger Card\u548cVSN300 WiFi Logger Card for React\u90fd\u662f\u745e\u58ebAsea Brown Boveri\uff08ABB\uff09\u516c\u53f8\u7684\u65e0\u7ebf\u6570\u636e\u8bb0\u5f55\u5361\u4ea7\u54c1\u3002\r\n\r\nABB VSN300 WiFi Logger Card\u548cVSN300 WiFi Logger Card for React\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u9650\u5236\u2018Guest\u2019\u8d26\u6237\u7684\u6743\u9650\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u914d\u7f6e\u6587\u4ef6\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Maxim Rup",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://new.abb.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-17218",
  "openTime": "2017-07-28",
  "patchDescription": "ABB VSN300 WiFi Logger Card\u548cVSN300 WiFi Logger Card for React\u90fd\u662f\u745e\u58ebAsea Brown Boveri\uff08ABB\uff09\u516c\u53f8\u7684\u65e0\u7ebf\u6570\u636e\u8bb0\u5f55\u5361\u4ea7\u54c1\u3002\r\n\r\nABB VSN300 WiFi Logger Card\u548cVSN300 WiFi Logger Card for React\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u9650\u5236\u2018Guest\u2019\u8d26\u6237\u7684\u6743\u9650\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u914d\u7f6e\u6587\u4ef6\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ABB VSN300 WiFi Logger Card\u548cVSN300 WiFi Logger Card for React\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ABB VSN300 WiFi Logger Card \u003c=1.8.15",
      "ABB  VSN300 WiFi Logger Card for React \u003c=2.1.3"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03",
  "serverity": "\u9ad8",
  "submitTime": "2017-07-24",
  "title": "ABB VSN300 WiFi Logger Card\u548cVSN300 WiFi Logger Card for React\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e"
}

CVE-2017-7916 (GCVE-0-2017-7916)

Vulnerability from cvelistv5

Published

2017-08-07 08:00

Modified

2024-08-05 16:19

Severity ?

CWE

CWE-264

Summary

A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted.

References

URL

Tags

	http://www.securityfocus.com/bid/99558	vdb-entry, x_refsource_BID
	http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03	x_refsource_MISC