SB2017050407 - Authentication bypass in Advantech B+B SmartWorx MESR901




Published: May 4, 2017

Security Bulletin ID: SB2017050407
CSH Severity: Medium
Patch available: No
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Authentication bypass (CVE-ID: CVE-2017-7909)

The vulnerability allows a remote unauthenticated attacker to bypass authentication.

The weakness exists because client authentication is not checked properly and unauthorized users are redirected by JavaScript. A remote attacker can intercept requests, bypass authentication and access restricted web pages.

Successful exploitation of this vulnerability results in access to the system.
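
The pattern described above, as an added example that is not part of the original bulletin and is not the vendor's firmware code: a handler that relies on a JavaScript redirect, next to one that checks the session on the server, plus a regression check. The handler names, the `/login` path, the session shape and the sample page are assumptions made for illustration.

```javascript
// Added illustration with hypothetical handlers; not Advantech firmware code.
// Constructed sample of a restricted configuration page.
const CONFIG_PAGE = '<h1>Port settings</h1><form action="/save"></form>';

// Weak pattern: the server always sends the restricted page and relies on a
// script inside that page to send unauthenticated browsers to the login form.
// The restricted markup is already in the response when the script runs.
function weakHandler(req) {
  const guard = req.session
    ? ''
    : '<script>window.location = "/login";</script>';
  return { status: 200, headers: {}, body: guard + CONFIG_PAGE };
}

// Corrected pattern: the session is checked on the server before any
// restricted content is generated, and the redirect carries no page body.
function hardenedHandler(req) {
  if (!req.session || !req.session.authenticated) {
    return { status: 302, headers: { Location: '/login' }, body: '' };
  }
  return { status: 200, headers: {}, body: CONFIG_PAGE };
}

// Regression check for a test suite: a request without a session must never
// receive restricted markup, whatever script accompanies it.
function leaksToUnauthenticated(handler, marker) {
  const res = handler({ session: null });
  return res.body.includes(marker);
}

console.log('weak handler leaks:', leaksToUnauthenticated(weakHandler, 'Port settings'));
console.log('hardened handler leaks:', leaksToUnauthenticated(hardenedHandler, 'Port settings'));
```
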

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.