CVE-2017-7909
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.
Un problema de uso de autenticación del lado del cliente se detectó en B+B SmartWorx MESR901 versiones de firmwares 1.5.2 y anteriores de Advantech. La interfaz web utiliza JavaScript para comprobar la autenticación de cliente y redireccionar a los usuarios no autorizados. Los atacantes pueden interceptar peticiones y omitir la autenticación para acceder a páginas web restringidas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-04-18 CVE Reserved
- 2017-05-06 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
- CWE-603: Use of Client-Side Authentication
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/98257 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Advantech B\+b Smartworx Search vendor "Advantech B\+b Smartworx" | Mesr901 Firmware Search vendor "Advantech B\+b Smartworx" for product "Mesr901 Firmware" | <= 1.5.2 Search vendor "Advantech B\+b Smartworx" for product "Mesr901 Firmware" and version " <= 1.5.2" | - |
Affected
| in | Advantech B\+b Smartworx Search vendor "Advantech B\+b Smartworx" | Mesr901 Search vendor "Advantech B\+b Smartworx" for product "Mesr901" | - | - |
Safe
|