{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T16:13:54.542","vulnerabilities":[{"cve":{"id":"CVE-2017-7928","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-08-07T08:29:00.290","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices."},{"lang":"es","value":"Se ha descubierto un problema de control de acceso incorrecto en Schweitzer Engineering Laboratories (SEL) SEL-3620 y SEL-3622 Security Gateway Versiones R202 y, R203, R203-V1, R203-V2 y, R204, R204-V1. El dispositivo no aplica correctamente controles de acceso al estar configurado para el reenvío de puertos NAT, lo que podría permitir que se realizasen comunicaciones no autorizadas a dispositivos de bajada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:selinc:sel-3620_firmware:r202:*:*:*:*:*:*:*","matchCriteriaId":"6583BFAD-2575-4E44-8627-93F398CC5FBC"},{"vulnerable":true,"criteria":"cpe:2.3:o:selinc:sel-3620_firmware:r203:*:*:*:*:*:*:*","matchCriteriaId":"402F8A8A-1F2C-4604-B18C-AB2A25003A63"},{"vulnerable":true,"criteria":"cpe:2.3:o:selinc:sel-3620_firmware:r203-v:*:*:*:*:*:*:*","matchCriteriaId":"45E61C60-30D0-45C9-BFC5-6FA526AAD466"},{"vulnerable":true,"criteria":"cpe:2.3:o:selinc:sel-3620_firmware:r203-v1:*:*:*:*:*:*:*","matchCriteriaId":"90060D74-8688-477B-842A-47A02F8B28D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:selinc:sel-3620_firmware:r204:*:*:*:*:*:*:*","matchCriteriaId":"38283FF1-5422-4D73-84CC-7EC57286A8FF"},{"vulnerable":true,"criteria":"cpe:2.3:o:selinc:sel-3620_firmware:r204-v1:*:*:*:*:*:*:*","matchCriteriaId":"FD1BD563-98E4-4A2D-9489-5EA7959546EB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:selinc:sel-3620:-:*:*:*:*:*:*:*","matchCriteriaId":"5DDB548A-15DE-4512-9C02-6197E08051DE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:selinc:sel-3622_firmware:r202:*:*:*:*:*:*:*","matchCriteriaId":"F65F7FC5-C8EF-4884-B5F5-66DBE6751121"},{"vulnerable":true,"criteria":"cpe:2.3:o:selinc:sel-3622_firmware:r203:*:*:*:*:*:*:*","matchCriteriaId":"46A6C684-A415-4A00-AB85-13A127A13D65"},{"vulnerable":true,"criteria":"cpe:2.3:o:selinc:sel-3622_firmware:r203-v:*:*:*:*:*:*:*","matchCriteriaId":"2C7DCDDC-AE50-4322-BCEE-BF636ECA84B8"},{"vulnerable":true,"criteria":"cpe:2.3:o:selinc:sel-3622_firmware:r203-v1:*:*:*:*:*:*:*","matchCriteriaId":"B20DCC56-E2F2-4414-89D3-821F7E230B2E"},{"vulnerable":true,"criteria":"cpe:2.3:o:selinc:sel-3622_firmware:r204:*:*:*:*:*:*:*","matchCriteriaId":"88CA202B-F6D0-4727-BFC0-DBA9A871B582"},{"vulnerable":true,"criteria":"cpe:2.3:o:selinc:sel-3622_firmware:r204-v1:*:*:*:*:*:*:*","matchCriteriaId":"3F2DFB60-2951-4AAA-9094-CA7F90EC82DE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:selinc:sel-3622:-:*:*:*:*:*:*:*","matchCriteriaId":"F2A5E4D1-3584-4B2A-9598-601AAD7FF977"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/99536","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/99536","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}}]}