CVE-2017-7931 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2017-7931?

CVE-2017-7931 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows unauthenticated attackers to access configuration files and application pages in ABB IP GATEWAY devices by accessing specific URLs. It affects ABB IP GATEWAY versions 3.39 and earlier. This is an authentication bypass vulnerability that exposes sensitive system information.

📋 TL;DR

This vulnerability allows unauthenticated attackers to access configuration files and application pages in ABB IP GATEWAY devices by accessing specific URLs. It affects ABB IP GATEWAY versions 3.39 and earlier. This is an authentication bypass vulnerability that exposes sensitive system information.

💻 Affected Systems

Products:

ABB IP GATEWAY

Versions: 3.39 and prior versions

Operating Systems: Embedded/Proprietary

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web server component of ABB IP GATEWAY devices used in industrial control systems.

📦 What is this software?

Ip Gateway Firmware by Abb

View all CVEs affecting Ip Gateway Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full administrative access to industrial control systems, potentially modifying configurations, disrupting operations, or using the device as an entry point into critical infrastructure networks.

🟠

Likely Case

Unauthenticated attackers access sensitive configuration data, potentially exposing credentials, network settings, and system parameters that could facilitate further attacks.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to information disclosure without direct access to critical control systems.

🌐 Internet-Facing: HIGH - Directly accessible web interfaces without authentication allow complete information disclosure and potential system compromise.

🏢 Internal Only: HIGH - Even internally, unauthenticated access to configuration files provides attackers with sensitive information for lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires only web browser access to specific URLs without authentication. Public advisories provide sufficient detail for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.40 or later

Vendor Advisory: https://new.abb.com/news/detail/5728/security-notice-regarding-abb-ip-gateway

Restart Required: Yes

Instructions:

1. Download firmware version 3.40 or later from ABB support portal. 2. Backup current configuration. 3. Upload new firmware via web interface. 4. Restart device. 5. Verify authentication is required for all URLs.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate ABB IP GATEWAY devices from untrusted networks using firewalls.

Access Control Lists

all

Implement strict IP-based access controls to limit who can reach the web interface.

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected devices from untrusted networks
Deploy web application firewall rules to block access to sensitive URLs without authentication

🔍 How to Verify

Check if Vulnerable:

Attempt to access configuration URLs without authentication: http://[device-ip]/config or similar sensitive paths. If accessible without login, device is vulnerable.

Check Version:

Check web interface login page or system information page for firmware version. Should show 3.40 or higher.

Verify Fix Applied:

After patching, verify that accessing configuration URLs requires authentication and returns appropriate access denied responses.

📡 Detection & Monitoring

Log Indicators:

Unauthenticated access to configuration URLs
Multiple failed login attempts followed by successful configuration access

Network Indicators:

HTTP GET requests to /config, /settings, or similar paths without preceding authentication

SIEM Query:

source="web_server" AND (url="/config" OR url="/settings") AND NOT (user!="anonymous" OR auth_success="true")

📊 Metadata

CVE ID: CVE-2017-7931

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-287

Published: June 6, 2018

Last Updated: November 21, 2024

🔗 References

http://www.securityfocus.com/bid/104388 Third Party Advisory,VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-156-01 Third Party Advisory,US Government Resource
http://www.securityfocus.com/bid/104388 Third Party Advisory,VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-156-01 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-7931, you might also want to check these: