CVE-2018-18995

Опубликовано: 03 янв. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses.

Ссылки

http://www.securityfocus.com/bid/106247
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01
Mitigation
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/106247
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:abb:gate-e1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:gate-e1:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:abb:gate-e2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:abb:gate-e2:-:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01317

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-478p-r52m-3xfc