Lucene search
IcscertCVELIST:CVE-2017-9664HistoryMay 24, 2018 - 12:00 a.m.
CVE-2017-9664
2018-05-2400:00:00
CWE-23
icscert
www.cve.org
In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using …/…/ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.
CNA Affected
[
{
"product": "ABB SREA-01 and SREA-50",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8."
}
]
}
]Related
prion
prion
Authorization
2018-05-24 20:29:00
cve
cve
CVE-2017-9664
2018-05-24 20:29:00
ics
ics
ABB SREA-01 and SREA-50
2017-08-10 12:00:00
nvd
nvd
CVE-2017-9664
2018-05-24 20:29:00
openvas
openvas
Anti-Web Directory Traversal Vulnerability
2017-06-20 00:00:00