var-201708-1396
Vulnerability from variot
A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted. An authentication-bypass vulnerability 2. A security-bypass vulnerability An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions and bypass the authentication mechanism
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1396",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vsn300 for react",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": "2.1.3"
},
{
"model": "vsn300",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.8.15"
},
{
"model": "vsn300 wifi logger card for react",
"scope": "lte",
"trust": 0.8,
"vendor": "abb",
"version": "2.1.3"
},
{
"model": "vsn300 wifi logger card",
"scope": "lte",
"trust": 0.8,
"vendor": "abb",
"version": "1.8.15"
},
{
"model": "vsn300 wifi logger card",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=1.8.15"
},
{
"model": "vsn300 wifi logger card for react",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=2.1.3"
},
{
"model": "vsn300",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1.8.15"
},
{
"model": "vsn300 wifi logger card for react",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "2.1.3"
},
{
"model": "vsn300 wifi logger card for react",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "vsn300 wifi logger card",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "1.8.15"
},
{
"model": "vsn300 wifi logger card",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "vsn300 wifi logger card for react",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "2.2.5"
},
{
"model": "vsn300 wifi logger card",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "1.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vsn300",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vsn300 for react",
"version": "2.1.3"
}
],
"sources": [
{
"db": "IVD",
"id": "4540790e-c339-4031-b7a6-176c7e6ceff8"
},
{
"db": "CNVD",
"id": "CNVD-2017-17218"
},
{
"db": "BID",
"id": "99558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006980"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-602"
},
{
"db": "NVD",
"id": "CVE-2017-7916"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:abb:vsn300_for_react_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:abb:vsn300_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006980"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp.",
"sources": [
{
"db": "BID",
"id": "99558"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7916",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-7916",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-17218",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "4540790e-c339-4031-b7a6-176c7e6ceff8",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-116119",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-7916",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7916",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-7916",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-17218",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-602",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "4540790e-c339-4031-b7a6-176c7e6ceff8",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-116119",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4540790e-c339-4031-b7a6-176c7e6ceff8"
},
{
"db": "CNVD",
"id": "CNVD-2017-17218"
},
{
"db": "VULHUB",
"id": "VHN-116119"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006980"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-602"
},
{
"db": "NVD",
"id": "CVE-2017-7916"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted. An authentication-bypass vulnerability\n2. A security-bypass vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions and bypass the authentication mechanism",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7916"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006980"
},
{
"db": "CNVD",
"id": "CNVD-2017-17218"
},
{
"db": "BID",
"id": "99558"
},
{
"db": "IVD",
"id": "4540790e-c339-4031-b7a6-176c7e6ceff8"
},
{
"db": "VULHUB",
"id": "VHN-116119"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7916",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-192-03",
"trust": 3.4
},
{
"db": "BID",
"id": "99558",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201707-602",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-17218",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006980",
"trust": 0.8
},
{
"db": "IVD",
"id": "4540790E-C339-4031-B7A6-176C7E6CEFF8",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-116119",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "4540790e-c339-4031-b7a6-176c7e6ceff8"
},
{
"db": "CNVD",
"id": "CNVD-2017-17218"
},
{
"db": "VULHUB",
"id": "VHN-116119"
},
{
"db": "BID",
"id": "99558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006980"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-602"
},
{
"db": "NVD",
"id": "CVE-2017-7916"
}
]
},
"id": "VAR-201708-1396",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4540790e-c339-4031-b7a6-176c7e6ceff8"
},
{
"db": "CNVD",
"id": "CNVD-2017-17218"
},
{
"db": "VULHUB",
"id": "VHN-116119"
}
],
"trust": 1.6388889
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4540790e-c339-4031-b7a6-176c7e6ceff8"
},
{
"db": "CNVD",
"id": "CNVD-2017-17218"
}
]
},
"last_update_date": "2024-11-23T21:53:56.732000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-EPPE-ICS-VU-196220",
"trust": 0.8,
"url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "Patch for ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React Access Control Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/99152"
},
{
"title": "ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71716"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-17218"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006980"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-602"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
},
{
"problemtype": "CWE-269",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116119"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006980"
},
{
"db": "NVD",
"id": "CVE-2017-7916"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-192-03"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/99558"
},
{
"trust": 1.6,
"url": "http://search.abb.com/library/download.aspx?documentid=9akk107045a1977\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7916"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7916"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.1,
"url": "http://search.abb.com/library/download.aspx?documentid=9akk107045a1977\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-17218"
},
{
"db": "VULHUB",
"id": "VHN-116119"
},
{
"db": "BID",
"id": "99558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006980"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-602"
},
{
"db": "NVD",
"id": "CVE-2017-7916"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4540790e-c339-4031-b7a6-176c7e6ceff8"
},
{
"db": "CNVD",
"id": "CNVD-2017-17218"
},
{
"db": "VULHUB",
"id": "VHN-116119"
},
{
"db": "BID",
"id": "99558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006980"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-602"
},
{
"db": "NVD",
"id": "CVE-2017-7916"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-28T00:00:00",
"db": "IVD",
"id": "4540790e-c339-4031-b7a6-176c7e6ceff8"
},
{
"date": "2017-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-17218"
},
{
"date": "2017-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-116119"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99558"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006980"
},
{
"date": "2017-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-602"
},
{
"date": "2017-08-07T08:29:00.197000",
"db": "NVD",
"id": "CVE-2017-7916"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-17218"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-116119"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99558"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006980"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-602"
},
{
"date": "2024-11-21T03:32:57.480000",
"db": "NVD",
"id": "CVE-2017-7916"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-602"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-602"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…