#VU7472 Information disclosure in VSN300 WiFi Logger Card - CVE-2017-7920
Published: July 12, 2017
Vulnerability identifier: #VU7472
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7920
CWE-ID: CWE-287
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
VSN300 WiFi Logger Card
VSN300 WiFi Logger Card
Software vendor:
ABB
ABB
Description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exist due to improper authentication. An adjacent attacker can access a specific uniform resource locator (URL) on the web server, bypass authentication and obtain internal information about status and connected devices.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exist due to improper authentication. An adjacent attacker can access a specific uniform resource locator (URL) on the web server, bypass authentication and obtain internal information about status and connected devices.
Successful exploitation of the vulnerability results in information disclosure.
Remediation
Update WiFi Logger Card to version 1.9.0 or later.
Update WiFi Logger Card for React to version 2.2.5 or later.
Update WiFi Logger Card for React to version 2.2.5 or later.