ABB VSN300 WiFi Logger Card

Monitor7.5ICS-CERT ICSA-17-192-03Jul 11, 2017

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

VSN300 WiFi Logger Card contains authentication and access control flaws (CWE-287, CWE-269) that allow remote attackers to access sensitive information without credentials. Affects VSN300 WiFi Logger Card (version 1.8.15 and earlier) and VSN300 WiFi Logger Card for React (version 2.1.3 and earlier). No patches are available from ABB.

What this means

What could happen

An attacker could remotely access the VSN300 WiFi Logger Card without a password and read sensitive operational data such as process setpoints, alarms, and historical logs. However, this vulnerability does not allow modification of settings or control of the device.

Who's at risk

This affects industrial facilities and utilities using ABB VSN300 WiFi Logger Cards for remote monitoring of power systems, substations, and industrial equipment. Organizations in electric utilities, municipalities, and industries relying on ABB power monitoring should assess their exposure.

How it could be exploited

An attacker on the network or with network access to the device connects directly to the VSN300 WiFi Logger Card's web interface or API without providing authentication credentials. The flawed access controls allow the attacker to retrieve sensitive monitoring data and configuration information.

Prerequisites

Network access to the VSN300 WiFi Logger Card (port 80 or other web service port)
Device must be connected to a network reachable by the attacker

remotely exploitableno authentication requiredlow complexityno patch availablesensitive data exposure

Exploitability

Moderate exploit probability (EPSS 1.4%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

VSN300 WiFi Logger Card:≤ 1.8.15No fix (EOL)

VSN300 WiFi Logger Card for React:≤ 2.1.3No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDIsolate the VSN300 WiFi Logger Card from untrusted networks using a firewall. Restrict network access to the device to only authorized monitoring systems and engineering workstations.

HARDENINGIf the device has a local web interface, configure IP address filtering or access control lists to allow only known good IP addresses to connect.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGDisable wireless access (WiFi) if it is not required for operations; use wired Ethernet connections only from trusted, segmented networks.

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: VSN300 WiFi Logger Card:, VSN300 WiFi Logger Card for React:. Apply the following compensating controls:

HARDENINGMonitor network traffic to and from the VSN300 WiFi Logger Card for unauthorized access attempts.

HARDENINGEvaluate replacement of the VSN300 WiFi Logger Card with a patched alternative product from ABB or a competing vendor that addresses these authentication flaws.

CVEs (2)

CVE-2017-7920 CVE-2017-7916

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c95ceeb0-2cfa-4f9c-af94-b91643650633