Abb Srea 01 And Srea 50
Approved changes feed: RSS · Atom
cpe:2.3:a:ics-cert:abb_srea-01_and_srea-50:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Ics Cert (051affbf-57c0-5afb-b9c5-709cc698da32) |
|---|---|
| Product | Abb Srea 01 And Srea 50 (59da0fe4-fc43-5d77-b7d8-45dd8c892f8d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-9664 |
vulnerable | 2026-06-03 14:37:42.045315 |
Details available
In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.
Published: 2018-05-24T20:00:00.000Z
Updated: 2024-09-16T23:51:37.486Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.