CVE-2017-7928 Information

Description

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and R203 R203-V1 R203-V2 and R204 R204-V1. The device does not properly enforce access control while configured for NAT port forwarding which may allow for unauthorized communications to downstream devices.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/99536 https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

10.0