QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-9664

Back to search

CVE-2017-9664

Published: May 24, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.

VendorProductVersions

ICS-CERT

ABB SREA-01 and SREA-50

affected
SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8.

Weaknesses (CWE)

CWE-23

References

100260
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now