返回 CVE 浏览器

CVE-2017-7928

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1740%

EPSS Percentile10.90th

Published2017年8月7日

Last Modified2026年5月13日

Vulnerability Description

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices.

Affected Platforms (CPE)

💻

Selinc

Sel 3620 Firmware

= r202

💻

Selinc

Sel 3620 Firmware

= r203

💻

Selinc

Sel 3620 Firmware

= r203-v

💻

Selinc

Sel 3620 Firmware

= r203-v1

💻

Selinc

Sel 3620 Firmware

= r204

💻

Selinc

Sel 3620 Firmware

= r204-v1

💻

Selinc

Sel 3622 Firmware

= r202

💻

Selinc

Sel 3622 Firmware

= r203

💻

Selinc

Sel 3622 Firmware

= r203-v

💻

Selinc

Sel 3622 Firmware

= r203-v1

💻

Selinc

Sel 3622 Firmware

= r204

💻

Selinc

Sel 3622 Firmware

= r204-v1

References & Advisories

🔗 http://www.securityfocus.com/bid/99536

🔗 https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06

🔗 http://www.securityfocus.com/bid/99536

🔗 https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06

相关漏洞威胁

CVE-2017-1015110.0

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported vers...

CVE-2017-1290510.0

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information ...

CVE-2017-1013710.0

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that ar...

CVE-2017-1026910.0

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affecte...