Relative path traversal in SREA-01 and SREA-50 - CVE-2017-9664
Published: August 10, 2017 / Updated: August 15, 2017
Vulnerability identifier: #VU7863
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-9664
CWE-ID: CWE-23
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: ABB
Affected software:
SREA-01
SREA-50
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to relative path traversal. A remote attacker can send a specially crafted HTTP request to perform a relative path traversal attack and gain access to internal files, view data, change configuration, retrieve password hash codes, and potentially insert and send commands to connected devices without authorization.
How to mitigate CVE-2017-9664
Update to the latest version.
http://search-ext.abb.com/library/Download.aspx?DocumentID=9AKK107045A1782&LanguageCode=en&a...