How severe is CVE-2017-9664?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2017-9664?

This is classified as CWE-23, which is a common weakness in software security.

CVE-2017-9664 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.

Related Vulnerabilities

CVE-2019-17640

CRITICAL

CVSS:9.8(Critical)

In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctl...

CWE-232019

CVE-2020-10631

CRITICAL

CVSS:9.8(Critical)

An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

CWE-232020

CVE-2020-12006

CRITICAL

CVSS:9.8(Critical)

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’...

CWE-232020

CVE-2020-25172

CRITICAL

CVSS:9.8(Critical)

A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files.

CWE-232020

CVE-2020-25176

CRITICAL

CVSS:9.8(Critical)

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the...

CWE-232020

CVE-2020-27304

CRITICAL

CVSS:9.8(Critical)

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request AP...

CWE-232020