PatchSiren cyber security CVE debrief
CVE-2017-5168 Hanwha Security CVE debrief
CVE-2017-5168 describes path traversal vulnerabilities in Hanwha Techwin Smart Security Manager’s bundled ActiveMQ Broker service. According to the supplied NVD record and advisory references, a crafted HTTP request can expose arbitrary files on the server, and the issue is described as potentially enabling remote code execution. NVD lists the affected product family as Smart Security Manager versions through 1.5, while the supplied description also references version ranges tied to 1.4 and earlier.
- Vendor
- Hanwha Security
- Product
- CVE-2017-5168
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-13
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-13
- Advisory updated
- 2026-05-13
Who should care
Security and operations teams running Hanwha Techwin Smart Security Manager, especially on servers that are network-reachable or store sensitive configuration, logs, or credential material. Incident responders should also care if the product’s ActiveMQ Broker service was exposed to untrusted users or browsers.
Technical summary
The vulnerability is a CWE-22 path traversal issue in the ActiveMQ Broker service installed with Smart Security Manager. The supplied sources indicate that specific HTTP requests can be used to traverse directories and read arbitrary files on the server; the description also states that the issue can allow remote code execution. NVD’s CVSS 3.1 vector is AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H, reflecting remote reachability but requiring user interaction and nontrivial attack conditions.
Defensive priority
High. Prioritize if Smart Security Manager is deployed, particularly where the service is reachable from untrusted networks or where exposed files could contain credentials, keys, or operational data.
Recommended defensive actions
- Inventory all Hanwha Techwin Smart Security Manager installations and confirm whether any instance matches the affected versions described in the supplied sources.
- Apply the vendor remediation guidance referenced by US-CERT/ICS-CERT in ICSA-17-040-01 and move to a version not listed as affected.
- Restrict network access to the product and its bundled ActiveMQ Broker service to trusted management hosts only.
- Review server and application logs for suspicious HTTP requests or unexpected file access patterns.
- Validate that sensitive files, configuration data, and credentials are not accessible through the application path structure.
- If exposure is confirmed, treat the host as potentially compromised and perform a targeted incident review.
Evidence notes
The supplied NVD record shows CVE publication at 2017-02-13T21:59:03.050Z and modification at 2026-05-13T00:24:29.033Z. NVD lists the vulnerable CPE as Hanwha Security Smart Security Manager through version 1.5 and identifies CWE-22. The referenced advisory trail includes US-CERT/ICS-CERT ICSA-17-040-01 and SecurityFocus BID 96147. The supplied description and NVD version criteria are not perfectly aligned, so the affected-version wording should be treated carefully.
Official resources
-
CVE-2017-5168 CVE record
CVE.org
-
CVE-2017-5168 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Patch, Third Party Advisory, US Government Resource
Published 2017-02-13T21:59:03.050Z; last modified 2026-05-13T00:24:29.033Z.