Search criteria
2 vulnerabilities found for mesr901_firmware by advantech_b\+b_smartworx
CVE-2017-7909 (GCVE-0-2017-7909)
Vulnerability from nvd – Published: 2017-05-06 00:00 – Updated: 2024-08-05 16:19
VLAI?
Summary
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Advantech B+B SmartWorx MESR901 |
Affected:
Advantech B+B SmartWorx MESR901
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03"
},
{
"name": "98257",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98257"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech B+B SmartWorx MESR901",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Advantech B+B SmartWorx MESR901"
}
]
}
],
"datePublic": "2017-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-603",
"description": "CWE-603",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-08T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03"
},
{
"name": "98257",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98257"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-7909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech B+B SmartWorx MESR901",
"version": {
"version_data": [
{
"version_value": "Advantech B+B SmartWorx MESR901"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-603"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03"
},
{
"name": "98257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98257"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-7909",
"datePublished": "2017-05-06T00:00:00",
"dateReserved": "2017-04-18T00:00:00",
"dateUpdated": "2024-08-05T16:19:29.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7909 (GCVE-0-2017-7909)
Vulnerability from cvelistv5 – Published: 2017-05-06 00:00 – Updated: 2024-08-05 16:19
VLAI?
Summary
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Advantech B+B SmartWorx MESR901 |
Affected:
Advantech B+B SmartWorx MESR901
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03"
},
{
"name": "98257",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98257"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech B+B SmartWorx MESR901",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Advantech B+B SmartWorx MESR901"
}
]
}
],
"datePublic": "2017-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-603",
"description": "CWE-603",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-08T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03"
},
{
"name": "98257",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98257"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-7909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech B+B SmartWorx MESR901",
"version": {
"version_data": [
{
"version_value": "Advantech B+B SmartWorx MESR901"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-603"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03"
},
{
"name": "98257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98257"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-7909",
"datePublished": "2017-05-06T00:00:00",
"dateReserved": "2017-04-18T00:00:00",
"dateUpdated": "2024-08-05T16:19:29.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}