CVE-2017-7928

Published Aug 7, 2017

Last updated 5 years ago

CVSS critical 10.0

Overview

Description: An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
ics-cert@hq.dhs.gov: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:selinc:sel-3620_firmware:r202:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6583BFAD-2575-4E44-8627-93F398CC5FBC"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-3620_firmware:r203:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "402F8A8A-1F2C-4604-B18C-AB2A25003A63"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-3620_firmware:r203-v:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45E61C60-30D0-45C9-BFC5-6FA526AAD466"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-3620_firmware:r203-v1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90060D74-8688-477B-842A-47A02F8B28D3"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-3620_firmware:r204:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38283FF1-5422-4D73-84CC-7EC57286A8FF"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-3620_firmware:r204-v1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD1BD563-98E4-4A2D-9489-5EA7959546EB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:selinc:sel-3620:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5DDB548A-15DE-4512-9C02-6197E08051DE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:selinc:sel-3622_firmware:r202:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F65F7FC5-C8EF-4884-B5F5-66DBE6751121"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-3622_firmware:r203:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46A6C684-A415-4A00-AB85-13A127A13D65"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-3622_firmware:r203-v:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C7DCDDC-AE50-4322-BCEE-BF636ECA84B8"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-3622_firmware:r203-v1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B20DCC56-E2F2-4414-89D3-821F7E230B2E"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-3622_firmware:r204:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88CA202B-F6D0-4727-BFC0-DBA9A871B582"
          },
          {
            "criteria": "cpe:2.3:o:selinc:sel-3622_firmware:r204-v1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F2DFB60-2951-4AAA-9094-CA7F90EC82DE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:selinc:sel-3622:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F2A5E4D1-3584-4B2A-9598-601AAD7FF977"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References