SB2017071203 - Information disclosure in ABB VSN300 WiFi Logger Card
Published: July 12, 2017
Security Bulletin ID
SB2017071203
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Adjecent network
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2017-7920)
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.The weakness exist due to improper authentication. An adjacent attacker can access a specific uniform resource locator (URL) on the web server, bypass authentication and obtain internal information about status and connected devices.
Successful exploitation of the vulnerability results in information disclosure.
2) Information disclosure (CVE-ID: CVE-2017-7916)
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.The weakness exist due to improper restriction of privileges of the “Guest” account. An adjacent attacker can gain access to configuration information that should be restricted.
Successful exploitation of the vulnerability results in information disclosure.
Remediation
Install update from vendor's website.