← Back

CVE-2017-7928

nvd nist
Published: Aug 7, 2017Modified: May 13, 2026

JSON object

Loading...
10.0
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 6.0
Source: NVD

Description

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices.

Affected (12)

Selinc
2 products
Sel 3620 Firmware
Sel 3622 Firmware
Configuration A
6 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Selinc
Sel 3620 Firmware
Version r202
Sel 3620 Firmware
Version r203-v1
Sel 3620 Firmware
Version r203-v
Sel 3620 Firmware
Version r203
Sel 3620 Firmware
Version r204-v1
Sel 3620 Firmware
Version r204
Running on/withPlatform Versions
Selinc
Sel 3620
All versions
Configuration B
6 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Selinc
Sel 3622 Firmware
Version r202
Sel 3622 Firmware
Version r203-v1
Sel 3622 Firmware
Version r203-v
Sel 3622 Firmware
Version r203
Sel 3622 Firmware
Version r204-v1
Sel 3622 Firmware
Version r204
Running on/withPlatform Versions
Selinc
Sel 3622
All versions

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryVDB Entry
Source: ics-cert@hq.dhs.gov
MitigationThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.