ID

VAR-201708-1397


CVE

CVE-2017-7920


TITLE

ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-006981

DESCRIPTION

An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating. ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React are wireless data recording card products of the Swiss company Asea Brown Boveri (ABB). There are security vulnerabilities in ABB VSN300 WiFi Logger Card 1.8.15 and earlier and VSN300 WiFi Logger Card for React 2.1.3 and earlier: 1. An authentication-bypass vulnerability. 2. A security-bypass vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions and bypass the authentication mechanism.

Trust: 2.7

sources: NVD: CVE-2017-7920 // JVNDB: JVNDB-2017-006981 // CNVD: CNVD-2017-22992 // BID: 99558 // IVD: 3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05 // VULHUB: VHN-116123

IOT TAXONOMY

category: ['ICS', 'Network device'] // sub_category: -

Trust: 0.6

category: ['ICS'] // sub_category: -

Trust: 0.2

sources: IVD: 3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05 // CNVD: CNVD-2017-22992

AFFECTED PRODUCTS

vendor: abb // model: vsn300 for react // scope: eq // version: 2.1.3

Trust: 1.6

vendor: abb // model: vsn300 // scope: lte // version: 1.8.15

Trust: 1.0

vendor: abb // model: vsn300 wifi logger card for react // scope: lte // version: 2.1.3

Trust: 0.8

vendor: abb // model: vsn300 wifi logger card // scope: lte // version: 1.8.15

Trust: 0.8

vendor: abb // model: vsn300 wifi logger card // scope: lte // version: <=1.8.15

Trust: 0.6

vendor: abb // model: vsn300 wifi logger card for react // scope: lte // version: <=2.1.3

Trust: 0.6

vendor: abb // model: vsn300 // scope: eq // version: 1.8.15

Trust: 0.6

vendor: abb // model: vsn300 wifi logger card for react // scope: eq // version: 2.1.3

Trust: 0.3

vendor: abb // model: vsn300 wifi logger card for react // scope: eq // version: 0

Trust: 0.3

vendor: abb // model: vsn300 wifi logger card // scope: eq // version: 1.8.15

Trust: 0.3

vendor: abb // model: vsn300 wifi logger card // scope: eq // version: 0

Trust: 0.3

vendor: abb // model: vsn300 wifi logger card for react // scope: ne // version: 2.2.5

Trust: 0.3

vendor: abb // model: vsn300 wifi logger card // scope: ne // version: 1.9

Trust: 0.3

vendor: vsn300 // model: - // scope: eq // version: *

Trust: 0.2

vendor: vsn300 for react // model: - // scope: eq // version: 2.1.3

Trust: 0.2

sources: IVD: 3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05 // CNVD: CNVD-2017-22992 // BID: 99558 // JVNDB: JVNDB-2017-006981 // CNNVD: CNNVD-201704-1050 // NVD: CVE-2017-7920

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7920
value: HIGH

Trust: 1.0

NVD: CVE-2017-7920
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-22992
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-1050
value: HIGH

Trust: 0.6

IVD: 3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05
value: HIGH

Trust: 0.2

VULHUB: VHN-116123
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7920
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-22992
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-116123
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7920
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05 // CNVD: CNVD-2017-22992 // VULHUB: VHN-116123 // JVNDB: JVNDB-2017-006981 // CNNVD: CNNVD-201704-1050 // NVD: CVE-2017-7920

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-116123 // JVNDB: JVNDB-2017-006981 // NVD: CVE-2017-7920

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1050

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201704-1050

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006981

PATCH

title: ABBVU-EPPE-ICS-VU-196220 // url: http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99756

Trust: 0.6

sources: JVNDB: JVNDB-2017-006981 // CNNVD: CNNVD-201704-1050

EXTERNAL IDS

db: NVD // id: CVE-2017-7920

Trust: 3.6

db: ICS CERT // id: ICSA-17-192-03

Trust: 3.4

db: BID // id: 99558

Trust: 2.0

db: CNNVD // id: CNNVD-201704-1050

Trust: 0.9

db: CNVD // id: CNVD-2017-22992

Trust: 0.8

db: JVNDB // id: JVNDB-2017-006981

Trust: 0.8

db: IVD // id: 3C61FA5E-9B12-48D6-AA53-1BFBA0C9EC05

Trust: 0.2

db: VULHUB // id: VHN-116123

Trust: 0.1

sources: IVD: 3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05 // CNVD: CNVD-2017-22992 // VULHUB: VHN-116123 // BID: 99558 // JVNDB: JVNDB-2017-006981 // CNNVD: CNNVD-201704-1050 // NVD: CVE-2017-7920

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-192-03

Trust: 3.4

url:http://www.securityfocus.com/bid/99558

Trust: 1.7

url:http://search.abb.com/library/download.aspx?documentid=9akk107045a1977&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7920

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7920

Trust: 0.8

url:http://www.abb.com/

Trust: 0.3

sources: CNVD: CNVD-2017-22992 // VULHUB: VHN-116123 // BID: 99558 // JVNDB: JVNDB-2017-006981 // CNNVD: CNNVD-201704-1050 // NVD: CVE-2017-7920

CREDITS

Maxim Rupp.

Trust: 0.3

sources: BID: 99558

SOURCES

db: IVD // id: 3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05
db: CNVD // id: CNVD-2017-22992
db: VULHUB // id: VHN-116123
db: BID // id: 99558
db: JVNDB // id: JVNDB-2017-006981
db: CNNVD // id: CNNVD-201704-1050
db: NVD // id: CVE-2017-7920

LAST UPDATE DATE

2025-04-20T23:04:20.808000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-22992 // date: 2017-08-25T00:00:00
db: VULHUB // id: VHN-116123 // date: 2019-10-09T00:00:00
db: BID // id: 99558 // date: 2017-07-11T00:00:00
db: JVNDB // id: JVNDB-2017-006981 // date: 2017-09-07T00:00:00
db: CNNVD // id: CNNVD-201704-1050 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-7920 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD // id: 3c61fa5e-9b12-48d6-aa53-1bfba0c9ec05 // date: 2017-08-25T00:00:00
db: CNVD // id: CNVD-2017-22992 // date: 2017-08-25T00:00:00
db: VULHUB // id: VHN-116123 // date: 2017-08-07T00:00:00
db: BID // id: 99558 // date: 2017-07-11T00:00:00
db: JVNDB // id: JVNDB-2017-006981 // date: 2017-09-07T00:00:00
db: CNNVD // id: CNNVD-201704-1050 // date: 2017-04-21T00:00:00
db: NVD // id: CVE-2017-7920 // date: 2017-08-07T08:29:00.243