Security restrictions bypass in SEL-3622 and SEL-3620

#VU7476 Security restrictions bypass in SEL-3622 and SEL-3620

Published: 2017-07-12

Vulnerability identifier: #VU7476

Vulnerability risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7928

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SEL-3622
Hardware solutions / Routers & switches, VoIP, GSM, etc
SEL-3620
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Schweitzer Engineering Laboratories, Inc.

Description
The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to improper enforcing of access control while configured for NAT port forwarding. A remote attacker can use unauthorized communications to downstream devices.

Mitigation
Install update from vendor's website.

Vulnerable software versions

SEL-3622: R202 - R204-V1

SEL-3620: R202 - R204-V1

External links
http://ics-cert.us-cert.gov/advisories/ICSA-17-192-06

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Security restrictions bypass in Schweitzer Engineering Laboratories SEL-3620 and SEL-3622