cnvd - cnvd-2017-22992

CNVD-2017-22992

Vulnerability from cnvd - Published: 2017-08-25

Title

ABB VSN300 WiFi Logger Card和VSN300 WiFi Logger Card for React权限获取漏洞

Description

ABB VSN300 WiFi Logger Card和VSN300 WiFi Logger Card for React都是瑞士Asea Brown Boveri（ABB）公司的无线数据记录卡产品。 ABB VSN300 WiFi Logger Card 1.8.15及之前版本和VSN300 WiFi Logger Card for React 2.1.3及之前版本中存在安全漏洞。攻击者可利用该漏洞获取内部有关状态和连接设备信息的访问权限。

Severity

高

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03

Impacted products

Name
['ABB VSN300 WiFi Logger Card <=1.8.15', 'ABB VSN300 WiFi Logger Card for React <=2.1.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7920"
    }
  },
  "description": "ABB VSN300 WiFi Logger Card\u548cVSN300 WiFi Logger Card for React\u90fd\u662f\u745e\u58ebAsea Brown Boveri\uff08ABB\uff09\u516c\u53f8\u7684\u65e0\u7ebf\u6570\u636e\u8bb0\u5f55\u5361\u4ea7\u54c1\u3002\r\n\r\nABB VSN300 WiFi Logger Card 1.8.15\u53ca\u4e4b\u524d\u7248\u672c\u548cVSN300 WiFi Logger Card for React 2.1.3\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u5185\u90e8\u6709\u5173\u72b6\u6001\u548c\u8fde\u63a5\u8bbe\u5907\u4fe1\u606f\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Maxim Rupp",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-22992",
  "openTime": "2017-08-25",
  "products": {
    "product": [
      "ABB VSN300 WiFi Logger Card \u003c=1.8.15",
      "ABB  VSN300 WiFi Logger Card for React \u003c=2.1.3"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03",
  "serverity": "\u9ad8",
  "submitTime": "2017-08-03",
  "title": "ABB VSN300 WiFi Logger Card\u548cVSN300 WiFi Logger Card for React\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e"
}

CVE-2017-7920 (GCVE-0-2017-7920)

Vulnerability from cvelistv5 – Published: 2017-08-07 08:00 – Updated: 2024-08-05 16:19

Summary

An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating.

Severity ?

No CVSS data available.

CWE

CWE-287

Assigner

icscert

References

URL

Tags

	http://www.securityfocus.com/bid/99558	vdb-entryx_refsource_BID
	http://search.abb.com/library/Download.aspx?Docum…	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	ABB VSN300 WiFi Logger Card	Affected: ABB VSN300 WiFi Logger Card

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99558",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99558"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ABB VSN300 WiFi Logger Card",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "ABB VSN300 WiFi Logger Card"
            }
          ]
        }
      ],
      "datePublic": "2017-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T09:57:02",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "99558",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99558"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-7920",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ABB VSN300 WiFi Logger Card",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ABB VSN300 WiFi Logger Card"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99558",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99558"
            },
            {
              "name": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "MISC",
              "url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-7920",
    "datePublished": "2017-08-07T08:00:00",
    "dateReserved": "2017-04-18T00:00:00",
    "dateUpdated": "2024-08-05T16:19:29.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-22992

CVE-2017-7920 (GCVE-0-2017-7920)

Tags

Sightings

Nomenclature