Critical severity9.8NVD Advisory· Published May 24, 2018· Updated Jun 17, 2026
CVE-2017-9664
CVE-2017-9664
Description
In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- ICS-CERT/ABB SREA-01 and SREA-50v5Range: SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8.
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/100260nvdThird Party AdvisoryVDB Entry
- ics-cert.us-cert.gov/advisories/ICSA-17-222-05nvdMitigationThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.