Information disclosure in VSN300 WiFi Logger Card - CVE-2017-7916

 


Published: July 12, 2017


Vulnerability identifier: #VU7473
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7916
CWE-ID: CWE-264
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: ABB
Affected software:
VSN300 WiFi Logger Card

Detailed vulnerability description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper restriction of the privileges of the “Guest” account. An adjacent attacker can gain access to configuration information that should be restricted.

Successful exploitation of the vulnerability results in information disclosure.

How to mitigate CVE-2017-7916

Update WiFi Logger Card to version 1.9.0 or later.
Update WiFi Logger Card for React to version 2.2.5 or later.
