Vulnerability CVE-2018-18995


Published: 2019-01-03

Description:
Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2, all versions, do not allow authentication to be configured on the administrative telnet or web interfaces. This could enable a range of effects, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses.

Type:
CWE-306 (Missing Authentication for Critical Function)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
ABB -> Gate-e1 firmware 
ABB -> Gate-e2 firmware 

References:
http://www.securityfocus.com/bid/106247
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01

Copyright 2020, cxsecurity.com