CVE-2017-7916
MEDIUMABB VSN300 WiFi Logger Card <=1.8.15 & VSN300 for React <=2.1.3 - Unauthenticated Privilege Escalation
Title source: llmDescription
A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99558
Vendor Advisory x_refsource_misc
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03
Scores
CVSS v3
6.5
EPSS
0.0028
EPSS Percentile
51.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-264
CWE-269
Status
published
Products (3)
abb/vsn300_firmware
< 1.8.15
abb/vsn300_for_react_firmware
2.1.3
n/a/ABB VSN300 WiFi Logger Card
ABB VSN300 WiFi Logger Card
Published
Aug 07, 2017
Tracked Since
Feb 18, 2026