Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.
CVSS Information
N/A
Vulnerability Type
相对路径遍历
Vulnerability Title
ABB SREA-01和SREA-50 路径遍历漏洞
Vulnerability Description
ABB SREA-01和SREA-50都是瑞士ABB公司的变频器产品。 ABB SREA-01和SREA-50中存在路径遍历漏洞。攻击者可通过发送带有‘../../’的HTTP请求利用该漏洞访问受影响产品的内部文件。以下产品和版本受到影响:ABB SREA-50 A 3.32.8版本,ABB SREA-01 C 3.31.5版本,ABB SREA-01 B 3.31.5版本,ABB SREA-01 A 3.31.5版本。
CVSS Information
N/A
Vulnerability Type
N/A