Sign-up

ID

VAR-201708-1389


CVE

CVE-2017-7928


TITLE

Schweitzer Engineering Laboratories SEL-3620 and SEL-3622 Security Gateway Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-007168

DESCRIPTION

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices. An attacker could exploit the vulnerability to communicate with downstream devices. Attackers can exploit this issue to gain unauthorized access to the affected device. This may aid in further attacks. The following versions are vulnerable: SEL-3620 R202, R203, R203-V1, R203-V2, R204, and R204-V1 SEL-3622 R202, R203, R203-V1, R203-V2, R204, and R204-V1

Trust: 2.79

sources: NVD: CVE-2017-7928 // JVNDB: JVNDB-2017-007168 // CNVD: CNVD-2017-22833 // BID: 99536 // IVD: e5c3576c-4d56-4689-af8a-7dc7f07200b5 // VULHUB: VHN-116131 // VULMON: CVE-2017-7928

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e5c3576c-4d56-4689-af8a-7dc7f07200b5 // CNVD: CNVD-2017-22833

AFFECTED PRODUCTS

vendor:selincmodel:sel-3622scope:eqversion:r204

Trust: 1.6

vendor:selincmodel:sel-3622scope:eqversion:r204-v1

Trust: 1.6

vendor:selincmodel:sel-3620scope:eqversion:r204

Trust: 1.6

vendor:selincmodel:sel-3622scope:eqversion:r203

Trust: 1.6

vendor:selincmodel:sel-3622scope:eqversion:r202

Trust: 1.6

vendor:selincmodel:sel-3620scope:eqversion:r204-v1

Trust: 1.6

vendor:selincmodel:sel-3620scope:eqversion:r203-v1

Trust: 1.6

vendor:selincmodel:sel-3620scope:eqversion:r203

Trust: 1.6

vendor:selincmodel:sel-3620scope:eqversion:r202

Trust: 1.6

vendor:selincmodel:sel-3620scope:eqversion:r203-v

Trust: 1.6

vendor:selincmodel:sel-3622scope:eqversion:r203-v1

Trust: 1.0

vendor:selincmodel:sel-3622scope:eqversion:r203-v

Trust: 1.0

vendor:schweitzermodel:engineering laboratories sel-3620 r202scope: - version: -

Trust: 0.9

vendor:schweitzermodel:engineering laboratories sel-3620 r203scope: - version: -

Trust: 0.9

vendor:schweitzermodel:engineering laboratories sel-3620 r203-v1scope: - version: -

Trust: 0.9

vendor:schweitzermodel:engineering laboratories sel-3620 r203-v2scope: - version: -

Trust: 0.9

vendor:schweitzermodel:engineering laboratories sel-3620 r204scope: - version: -

Trust: 0.9

vendor:schweitzermodel:engineering laboratories sel-3620 r204-v1scope: - version: -

Trust: 0.9

vendor:schweitzermodel:engineering laboratories sel-3622 r202scope: - version: -

Trust: 0.9

vendor:schweitzermodel:engineering laboratories sel-3622 r203scope: - version: -

Trust: 0.9

vendor:schweitzermodel:engineering laboratories sel-3622 r203-v1scope: - version: -

Trust: 0.9

vendor:schweitzermodel:engineering laboratories sel-3622 r203-v2scope: - version: -

Trust: 0.9

vendor:schweitzermodel:engineering laboratories sel-3622 r204scope: - version: -

Trust: 0.9

vendor:schweitzermodel:engineering laboratories sel-3622 r204-v1scope: - version: -

Trust: 0.9

vendor:schweitzer engineering laboratoriesmodel:sel-3620scope: - version: -

Trust: 0.8

vendor:schweitzer engineering laboratoriesmodel:sel-3622scope: - version: -

Trust: 0.8

vendor:sel 3620model:r202scope: - version: -

Trust: 0.2

vendor:sel 3620model:r203scope: - version: -

Trust: 0.2

vendor:sel 3620model:r203-vscope: - version: -

Trust: 0.2

vendor:sel 3620model:r203-v1scope: - version: -

Trust: 0.2

vendor:sel 3620model:r204scope: - version: -

Trust: 0.2

vendor:sel 3620model:r204-v1scope: - version: -

Trust: 0.2

vendor:sel 3622model:r202scope: - version: -

Trust: 0.2

vendor:sel 3622model:r203scope: - version: -

Trust: 0.2

vendor:sel 3622model:r203-vscope: - version: -

Trust: 0.2

vendor:sel 3622model:r203-v1scope: - version: -

Trust: 0.2

vendor:sel 3622model:r204scope: - version: -

Trust: 0.2

vendor:sel 3622model:r204-v1scope: - version: -

Trust: 0.2

sources: IVD: e5c3576c-4d56-4689-af8a-7dc7f07200b5 // CNVD: CNVD-2017-22833 // BID: 99536 // JVNDB: JVNDB-2017-007168 // CNNVD: CNNVD-201704-932 // NVD: CVE-2017-7928

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7928
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-7928
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-22833
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-932
value: CRITICAL

Trust: 0.6

IVD: e5c3576c-4d56-4689-af8a-7dc7f07200b5
value: CRITICAL

Trust: 0.2

VULHUB: VHN-116131
value: HIGH

Trust: 0.1

VULMON: CVE-2017-7928
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-7928
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-22833
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e5c3576c-4d56-4689-af8a-7dc7f07200b5
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-116131
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7928
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: IVD: e5c3576c-4d56-4689-af8a-7dc7f07200b5 // CNVD: CNVD-2017-22833 // VULHUB: VHN-116131 // VULMON: CVE-2017-7928 // JVNDB: JVNDB-2017-007168 // CNNVD: CNNVD-201704-932 // NVD: CVE-2017-7928

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-116131 // JVNDB: JVNDB-2017-007168 // NVD: CVE-2017-7928

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-932

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201704-932

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007168

PATCH
title:SEL-3620url:https://selinc.com/products/3620/
Trust: 0.8
title:SEL-3622url:https://selinc.com/products/3622/
Trust: 0.8
title:Schweitzer Engineering Laboratories SEL-3620 and SEL-3622 Security Gateway are not authorized to access vulnerable patchesurl:https://www.cnvd.org.cn/patchInfo/show/100855
Trust: 0.6
title:Schweitzer Engineering Laboratories SEL-3620  and SEL-3622 Security Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99747
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-22833 // 
            
            
            
            JVNDB: JVNDB-2017-007168 // 
            
            
            
            CNNVD: CNNVD-201704-932

EXTERNAL IDS
db:NVDid:CVE-2017-7928
Trust: 3.7
db:ICS CERTid:ICSA-17-192-06
Trust: 3.5
db:BIDid:99536
Trust: 2.7
db:CNNVDid:CNNVD-201704-932
Trust: 0.9
db:CNVDid:CNVD-2017-22833
Trust: 0.8
db:JVNDBid:JVNDB-2017-007168
Trust: 0.8
db:IVDid:E5C3576C-4D56-4689-AF8A-7DC7F07200B5
Trust: 0.2
db:VULHUBid:VHN-116131
Trust: 0.1
db:VULMONid:CVE-2017-7928
Trust: 0.1
sources:
            
            
            IVD: e5c3576c-4d56-4689-af8a-7dc7f07200b5 // 
            
            
            
            CNVD: CNVD-2017-22833 // 
            
            
            
            VULHUB: VHN-116131 // 
            
            
            
            VULMON: CVE-2017-7928 // 
            
            
            
            BID: 99536 // 
            
            
            
            JVNDB: JVNDB-2017-007168 // 
            
            
            
            CNNVD: CNNVD-201704-932 // 
            
            
            
            NVD: CVE-2017-7928

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-17-192-06
Trust: 3.6
url:http://www.securityfocus.com/bid/99536
Trust: 2.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7928
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-7928
Trust: 0.8
url:https://selinc.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-22833 // 
            
            
            
            VULHUB: VHN-116131 // 
            
            
            
            VULMON: CVE-2017-7928 // 
            
            
            
            BID: 99536 // 
            
            
            
            JVNDB: JVNDB-2017-007168 // 
            
            
            
            CNNVD: CNNVD-201704-932 // 
            
            
            
            NVD: CVE-2017-7928

CREDITS
Jason Holcomb
Trust: 0.3
sources:
            
            
            BID: 99536

SOURCES
db:IVDid:e5c3576c-4d56-4689-af8a-7dc7f07200b5
db:CNVDid:CNVD-2017-22833
db:VULHUBid:VHN-116131
db:VULMONid:CVE-2017-7928
db:BIDid:99536
db:JVNDBid:JVNDB-2017-007168
db:CNNVDid:CNNVD-201704-932
db:NVDid:CVE-2017-7928

LAST UPDATE DATE
2025-04-20T23:23:37.705000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-22833date:2017-08-25T00:00:00
db:VULHUBid:VHN-116131date:2019-10-09T00:00:00
db:VULMONid:CVE-2017-7928date:2019-10-09T00:00:00
db:BIDid:99536date:2017-07-11T00:00:00
db:JVNDBid:JVNDB-2017-007168date:2017-09-12T00:00:00
db:CNNVDid:CNNVD-201704-932date:2019-10-17T00:00:00
db:NVDid:CVE-2017-7928date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:IVDid:e5c3576c-4d56-4689-af8a-7dc7f07200b5date:2017-08-25T00:00:00
db:CNVDid:CNVD-2017-22833date:2017-08-25T00:00:00
db:VULHUBid:VHN-116131date:2017-08-07T00:00:00
db:VULMONid:CVE-2017-7928date:2017-08-07T00:00:00
db:BIDid:99536date:2017-07-11T00:00:00
db:JVNDBid:JVNDB-2017-007168date:2017-09-12T00:00:00
db:CNNVDid:CNNVD-201704-932date:2017-04-20T00:00:00
db:NVDid:CVE-2017-7928date:2017-08-07T08:29:00.290