Lucene search

[email protected]NVD:CVE-2017-7928

HistoryAug 07, 2017 - 8:29 a.m.

CVE-2017-7928

2017-08-0708:29:00

CWE-284

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

58.8%

JSON

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices.

Affected configurations

Nvd

Node

selincsel-3620_firmwareMatchr202

selincsel-3620_firmwareMatchr203

selincsel-3620_firmwareMatchr203-v

selincsel-3620_firmwareMatchr203-v1

selincsel-3620_firmwareMatchr204

selincsel-3620_firmwareMatchr204-v1

AND

selincsel-3620Match-

Node

selincsel-3622_firmwareMatchr202

selincsel-3622_firmwareMatchr203

selincsel-3622_firmwareMatchr203-v

selincsel-3622_firmwareMatchr203-v1

selincsel-3622_firmwareMatchr204

selincsel-3622_firmwareMatchr204-v1

AND

selincsel-3622Match-

VendorProductVersionCPE
selincsel-3620_firmwarer202cpe:2.3:o:selinc:sel-3620_firmware:r202:*:*:*:*:*:*:*
selincsel-3620_firmwarer203cpe:2.3:o:selinc:sel-3620_firmware:r203:*:*:*:*:*:*:*
selincsel-3620_firmwarer203-vcpe:2.3:o:selinc:sel-3620_firmware:r203-v:*:*:*:*:*:*:*
selincsel-3620_firmwarer203-v1cpe:2.3:o:selinc:sel-3620_firmware:r203-v1:*:*:*:*:*:*:*
selincsel-3620_firmwarer204cpe:2.3:o:selinc:sel-3620_firmware:r204:*:*:*:*:*:*:*
selincsel-3620_firmwarer204-v1cpe:2.3:o:selinc:sel-3620_firmware:r204-v1:*:*:*:*:*:*:*
selincsel-3620-cpe:2.3:h:selinc:sel-3620:-:*:*:*:*:*:*:*
selincsel-3622_firmwarer202cpe:2.3:o:selinc:sel-3622_firmware:r202:*:*:*:*:*:*:*
selincsel-3622_firmwarer203cpe:2.3:o:selinc:sel-3622_firmware:r203:*:*:*:*:*:*:*
selincsel-3622_firmwarer203-vcpe:2.3:o:selinc:sel-3622_firmware:r203-v:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
selinc	sel-3620_firmware	r202	cpe:2.3:o:selinc:sel-3620_firmware:r202:::::::*
selinc	sel-3620_firmware	r203	cpe:2.3:o:selinc:sel-3620_firmware:r203:::::::*
selinc	sel-3620_firmware	r203-v	cpe:2.3:o:selinc:sel-3620_firmware:r203-v:::::::*
selinc	sel-3620_firmware	r203-v1	cpe:2.3:o:selinc:sel-3620_firmware:r203-v1:::::::*
selinc	sel-3620_firmware	r204	cpe:2.3:o:selinc:sel-3620_firmware:r204:::::::*
selinc	sel-3620_firmware	r204-v1	cpe:2.3:o:selinc:sel-3620_firmware:r204-v1:::::::*
selinc	sel-3620	-	cpe:2.3:h:selinc:sel-3620:-:::::::*
selinc	sel-3622_firmware	r202	cpe:2.3:o:selinc:sel-3622_firmware:r202:::::::*
selinc	sel-3622_firmware	r203	cpe:2.3:o:selinc:sel-3622_firmware:r203:::::::*
selinc	sel-3622_firmware	r203-v	cpe:2.3:o:selinc:sel-3622_firmware:r203-v:::::::*

Rows per page:

1-10 of 141

References

www.securityfocus.com/bid/99536

ics-cert.us-cert.gov/advisories/ICSA-17-192-06

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

58.8%

JSON

Related for NVD:CVE-2017-7928

cve1 ics1 nessus1 cvelist1 prion1