var-201708-1397
Vulnerability from variot
An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating. ABBVSN300WiFiLoggerCard and VSN300WiFiLoggerCardforReact are wireless data recording card products of Swiss AseaBrownBoveri (ABB). There are security vulnerabilities in ABBVSN300WiFiLoggerCard1.8.15 and earlier and VSN300WiFiLoggerCardforReact2.1.3 and earlier. An authentication-bypass vulnerability 2. A security-bypass vulnerability An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions and bypass the authentication mechanism
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1397",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vsn300 for react",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": "2.1.3"
},
{
"model": "vsn300",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "1.8.15"
},
{
"model": "vsn300 wifi logger card for react",
"scope": "lte",
"trust": 0.8,
"vendor": "abb",
"version": "2.1.3"
},
{
"model": "vsn300 wifi logger card",
"scope": "lte",
"trust": 0.8,
"vendor": "abb",
"version": "1.8.15"
},
{
"model": "vsn300 wifi logger card",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=1.8.15"
},
{
"model": "vsn300 wifi logger card for react",
"scope": "lte",
"trust": 0.6,
"vendor": "abb",
"version": "\u003c=2.1.3"
},
{
"model": "vsn300",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "1.8.15"
},
{
"model": "vsn300 wifi logger card for react",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "2.1.3"
},
{
"model": "vsn300 wifi logger card for react",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "vsn300 wifi logger card",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "1.8.15"
},
{
"model": "vsn300 wifi logger card",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "vsn300 wifi logger card for react",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "2.2.5"
},
{
"model": "vsn300 wifi logger card",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "1.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vsn300",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vsn300 for react",
"version": "2.1.3"
}
],
"sources": [
{
"db": "IVD",
"id": "3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05"
},
{
"db": "CNVD",
"id": "CNVD-2017-22992"
},
{
"db": "BID",
"id": "99558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006981"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1050"
},
{
"db": "NVD",
"id": "CVE-2017-7920"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:abb:vsn300_for_react_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:abb:vsn300_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006981"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp.",
"sources": [
{
"db": "BID",
"id": "99558"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7920",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-7920",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-22992",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-116123",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7920",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7920",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-7920",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-22992",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1050",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-116123",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05"
},
{
"db": "CNVD",
"id": "CNVD-2017-22992"
},
{
"db": "VULHUB",
"id": "VHN-116123"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006981"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1050"
},
{
"db": "NVD",
"id": "CVE-2017-7920"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating. ABBVSN300WiFiLoggerCard and VSN300WiFiLoggerCardforReact are wireless data recording card products of Swiss AseaBrownBoveri (ABB). There are security vulnerabilities in ABBVSN300WiFiLoggerCard1.8.15 and earlier and VSN300WiFiLoggerCardforReact2.1.3 and earlier. An authentication-bypass vulnerability\n2. A security-bypass vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions and bypass the authentication mechanism",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7920"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006981"
},
{
"db": "CNVD",
"id": "CNVD-2017-22992"
},
{
"db": "BID",
"id": "99558"
},
{
"db": "IVD",
"id": "3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05"
},
{
"db": "VULHUB",
"id": "VHN-116123"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7920",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-192-03",
"trust": 3.4
},
{
"db": "BID",
"id": "99558",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1050",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22992",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006981",
"trust": 0.8
},
{
"db": "IVD",
"id": "3C61FA5E-9B12-48D6-AA53-1BFBA0C9EC05",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-116123",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05"
},
{
"db": "CNVD",
"id": "CNVD-2017-22992"
},
{
"db": "VULHUB",
"id": "VHN-116123"
},
{
"db": "BID",
"id": "99558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006981"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1050"
},
{
"db": "NVD",
"id": "CVE-2017-7920"
}
]
},
"id": "VAR-201708-1397",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05"
},
{
"db": "CNVD",
"id": "CNVD-2017-22992"
},
{
"db": "VULHUB",
"id": "VHN-116123"
}
],
"trust": 1.6388889
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05"
},
{
"db": "CNVD",
"id": "CNVD-2017-22992"
}
]
},
"last_update_date": "2024-11-23T21:53:56.813000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABBVU-EPPE-ICS-VU-196220",
"trust": 0.8,
"url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"title": "ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99756"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006981"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1050"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116123"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006981"
},
{
"db": "NVD",
"id": "CVE-2017-7920"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-192-03"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/99558"
},
{
"trust": 1.6,
"url": "http://search.abb.com/library/download.aspx?documentid=9akk107045a1977\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7920"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7920"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.1,
"url": "http://search.abb.com/library/download.aspx?documentid=9akk107045a1977\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22992"
},
{
"db": "VULHUB",
"id": "VHN-116123"
},
{
"db": "BID",
"id": "99558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006981"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1050"
},
{
"db": "NVD",
"id": "CVE-2017-7920"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05"
},
{
"db": "CNVD",
"id": "CNVD-2017-22992"
},
{
"db": "VULHUB",
"id": "VHN-116123"
},
{
"db": "BID",
"id": "99558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006981"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1050"
},
{
"db": "NVD",
"id": "CVE-2017-7920"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22992"
},
{
"date": "2017-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-116123"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99558"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006981"
},
{
"date": "2017-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1050"
},
{
"date": "2017-08-07T08:29:00.243000",
"db": "NVD",
"id": "CVE-2017-7920"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22992"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-116123"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99558"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006981"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1050"
},
{
"date": "2024-11-21T03:32:57.993000",
"db": "NVD",
"id": "CVE-2017-7920"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1050"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006981"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1050"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…