CVE-2017-7928

high-risk
Published 2017-08-07

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices.

Do I need to act?

-
0.53% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
10
CVSS 10.0/10 Critical
NETWORK / LOW complexity

Affected Products (12)

Sel-3620 Firmware
Sel-3620 Firmware
Sel-3620 Firmware
Sel-3620 Firmware
Sel-3620 Firmware
Sel-3622 Firmware
Sel-3622 Firmware
Sel-3620 Firmware
Sel-3622 Firmware
Sel-3622 Firmware
Sel-3622 Firmware
Sel-3622 Firmware

Affected Vendors

Selinc

References (4)

Third Party Advisory http://www.securityfocus.com/bid/99536
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06
Third Party Advisory http://www.securityfocus.com/bid/99536
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06
52
/ 100
high-risk
Severity 33/34 · Critical
Exploitability 2/34 · Minimal
Exposure 17/34 · Moderate