CVE-2017-9664

moderate-risk
Published 2018-05-24

In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.

Do I need to act?

~
2.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Srea-50 Firmware
Srea-01 Firmware

Affected Vendors

Abb

References (4)

Third Party Advisory http://www.securityfocus.com/bid/100260
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-17-222-05
Third Party Advisory http://www.securityfocus.com/bid/100260
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-17-222-05
44
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 5/34 · Minimal
Exposure 7/34 · Low