10

CVE-2017-7928

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SelincSel-3620 Firmware Versionr202
   SelincSel-3620 Version-
SelincSel-3620 Firmware Versionr203
   SelincSel-3620 Version-
SelincSel-3620 Firmware Versionr203-v
   SelincSel-3620 Version-
SelincSel-3620 Firmware Versionr203-v1
   SelincSel-3620 Version-
SelincSel-3620 Firmware Versionr204
   SelincSel-3620 Version-
SelincSel-3620 Firmware Versionr204-v1
   SelincSel-3620 Version-
SelincSel-3622 Firmware Versionr202
   SelincSel-3622 Version-
SelincSel-3622 Firmware Versionr203
   SelincSel-3622 Version-
SelincSel-3622 Firmware Versionr203-v
   SelincSel-3622 Version-
SelincSel-3622 Firmware Versionr203-v1
   SelincSel-3622 Version-
SelincSel-3622 Firmware Versionr204
   SelincSel-3622 Version-
SelincSel-3622 Firmware Versionr204-v1
   SelincSel-3622 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.53% 0.643
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 3.9 6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.securityfocus.com/bid/99536
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06
Third Party Advisory
US Government Resource
Mitigation