CVE-2017-9664 Information

Description

In ABB SREA-01 revisions A B C: application versions up to 3.31.5 and SREA-50 revision A: application versions up to 3.32.8 an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/100260 https://ics-cert.us-cert.gov/advisories/ICSA-17-222-05

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8