Information disclosure in VSN300 WiFi Logger Card - CVE-2017-7920
Published: July 12, 2017
Vulnerability identifier: #VU7472
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7920
CWE-ID: CWE-287
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: ABB
Affected software:
VSN300 WiFi Logger Card
VSN300 WiFi Logger Card
Detailed vulnerability description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exist due to improper authentication. An adjacent attacker can access a specific uniform resource locator (URL) on the web server, bypass authentication and obtain internal information about status and connected devices.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exist due to improper authentication. An adjacent attacker can access a specific uniform resource locator (URL) on the web server, bypass authentication and obtain internal information about status and connected devices.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-7920
Update WiFi Logger Card to version 1.9.0 or later.
Update WiFi Logger Card for React to version 2.2.5 or later.
Update WiFi Logger Card for React to version 2.2.5 or later.