← Back

CVE-2017-7920

nvd nist
Published: Aug 7, 2017Modified: May 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating.

Affected (2)

Abb
2 products
Vsn300 Firmware
Vsn300 For React Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vsn300 Firmware
Up to 1.8.15
Running on/withPlatform Versions
Abb
Vsn300
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vsn300 For React Firmware
Version 2.1.3
Running on/withPlatform Versions
Abb
Vsn300 For React
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

Source: ics-cert@hq.dhs.gov
Vendor Advisory
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryVDB Entry
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.