ID

VAR-201708-1396


CVE

CVE-2017-7916


TITLE

ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-006980

DESCRIPTION

A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted.

1. An authentication-bypass vulnerability
2. A security-bypass vulnerability

An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions and bypass the authentication mechanism.

Trust: 2.7

sources: NVD: CVE-2017-7916 // JVNDB: JVNDB-2017-006980 // CNVD: CNVD-2017-17218 // BID: 99558 // IVD: 4540790e-c339-4031-b7a6-176c7e6ceff8 // VULHUB: VHN-116119

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: 4540790e-c339-4031-b7a6-176c7e6ceff8 // CNVD: CNVD-2017-17218

AFFECTED PRODUCTS

vendor: abb | model: vsn300 for react | scope: eq | version: 2.1.3

Trust: 1.6

vendor: abb | model: vsn300 | scope: lte | version: 1.8.15

Trust: 1.0

vendor: abb | model: vsn300 wifi logger card for react | scope: lte | version: 2.1.3

Trust: 0.8

vendor: abb | model: vsn300 wifi logger card | scope: lte | version: 1.8.15

Trust: 0.8

vendor: abb | model: vsn300 wifi logger card | scope: lte | version: <=1.8.15

Trust: 0.6

vendor: abb | model: vsn300 wifi logger card for react | scope: lte | version: <=2.1.3

Trust: 0.6

vendor: abb | model: vsn300 | scope: eq | version: 1.8.15

Trust: 0.6

vendor: abb | model: vsn300 wifi logger card for react | scope: eq | version: 2.1.3

Trust: 0.3

vendor: abb | model: vsn300 wifi logger card for react | scope: eq | version: 0

Trust: 0.3

vendor: abb | model: vsn300 wifi logger card | scope: eq | version: 1.8.15

Trust: 0.3

vendor: abb | model: vsn300 wifi logger card | scope: eq | version: 0

Trust: 0.3

vendor: abb | model: vsn300 wifi logger card for react | scope: ne | version: 2.2.5

Trust: 0.3

vendor: abb | model: vsn300 wifi logger card | scope: ne | version: 1.9

Trust: 0.3

vendor: vsn300 | model: - | scope: eq | version: *

Trust: 0.2

vendor: vsn300 for react | model: - | scope: eq | version: 2.1.3

Trust: 0.2

sources: IVD: 4540790e-c339-4031-b7a6-176c7e6ceff8 // CNVD: CNVD-2017-17218 // BID: 99558 // JVNDB: JVNDB-2017-006980 // CNNVD: CNNVD-201707-602 // NVD: CVE-2017-7916

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7916
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-7916
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-17218
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201707-602
value: MEDIUM

Trust: 0.6

IVD: 4540790e-c339-4031-b7a6-176c7e6ceff8
value: MEDIUM

Trust: 0.2

VULHUB: VHN-116119
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7916
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-17218
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 4540790e-c339-4031-b7a6-176c7e6ceff8
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-116119
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7916
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 4540790e-c339-4031-b7a6-176c7e6ceff8 // CNVD: CNVD-2017-17218 // VULHUB: VHN-116119 // JVNDB: JVNDB-2017-006980 // CNNVD: CNNVD-201707-602 // NVD: CVE-2017-7916

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

problemtype: CWE-269

Trust: 1.1

sources: VULHUB: VHN-116119 // JVNDB: JVNDB-2017-006980 // NVD: CVE-2017-7916

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-602

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201707-602

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006980

PATCH

title: ABBVU-EPPE-ICS-VU-196220 | url: http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: Patch for ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React Access Control Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/99152

Trust: 0.6

title: ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React Fixes for permission permissions and access control vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71716

Trust: 0.6

sources: CNVD: CNVD-2017-17218 // JVNDB: JVNDB-2017-006980 // CNNVD: CNNVD-201707-602

EXTERNAL IDS

db: NVD | id: CVE-2017-7916

Trust: 3.6

db: ICS CERT | id: ICSA-17-192-03

Trust: 3.4

db: BID | id: 99558

Trust: 2.0

db: CNNVD | id: CNNVD-201707-602

Trust: 0.9

db: CNVD | id: CNVD-2017-17218

Trust: 0.8

db: JVNDB | id: JVNDB-2017-006980

Trust: 0.8

db: IVD | id: 4540790E-C339-4031-B7A6-176C7E6CEFF8

Trust: 0.2

db: VULHUB | id: VHN-116119

Trust: 0.1

sources: IVD: 4540790e-c339-4031-b7a6-176c7e6ceff8 // CNVD: CNVD-2017-17218 // VULHUB: VHN-116119 // BID: 99558 // JVNDB: JVNDB-2017-006980 // CNNVD: CNNVD-201707-602 // NVD: CVE-2017-7916

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-192-03

Trust: 3.4

url:http://www.securityfocus.com/bid/99558

Trust: 1.7

url:http://search.abb.com/library/download.aspx?documentid=9akk107045a1977&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7916

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7916

Trust: 0.8

url:http://www.abb.com/

Trust: 0.3

url:http://search.abb.com/library/download.aspx?documentid=9akk107045a1977&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: CNVD: CNVD-2017-17218 // VULHUB: VHN-116119 // BID: 99558 // JVNDB: JVNDB-2017-006980 // CNNVD: CNNVD-201707-602 // NVD: CVE-2017-7916

CREDITS

Maxim Rupp.

Trust: 0.3

sources: BID: 99558

SOURCES

db: IVD | id: 4540790e-c339-4031-b7a6-176c7e6ceff8
db: CNVD | id: CNVD-2017-17218
db: VULHUB | id: VHN-116119
db: BID | id: 99558
db: JVNDB | id: JVNDB-2017-006980
db: CNNVD | id: CNNVD-201707-602
db: NVD | id: CVE-2017-7916

LAST UPDATE DATE

2025-04-20T23:04:20.769000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2017-17218 | date: 2017-07-28T00:00:00
db: VULHUB | id: VHN-116119 | date: 2019-10-09T00:00:00
db: BID | id: 99558 | date: 2017-07-11T00:00:00
db: JVNDB | id: JVNDB-2017-006980 | date: 2017-09-07T00:00:00
db: CNNVD | id: CNNVD-201707-602 | date: 2019-10-17T00:00:00
db: NVD | id: CVE-2017-7916 | date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD | id: 4540790e-c339-4031-b7a6-176c7e6ceff8 | date: 2017-07-28T00:00:00
db: CNVD | id: CNVD-2017-17218 | date: 2017-07-28T00:00:00
db: VULHUB | id: VHN-116119 | date: 2017-08-07T00:00:00
db: BID | id: 99558 | date: 2017-07-11T00:00:00
db: JVNDB | id: JVNDB-2017-006980 | date: 2017-09-07T00:00:00
db: CNNVD | id: CNNVD-201707-602 | date: 2017-07-14T00:00:00
db: NVD | id: CVE-2017-7916 | date: 2017-08-07T08:29:00.197