Описание
Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser.
Ссылки
- Third Party AdvisoryVDB Entry
- MitigationThird Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- MitigationThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:abb:gate-e1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:gate-e1:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:abb:gate-e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:gate-e2:-:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00255
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser.
EPSS
Процентиль: 48%
0.00255
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79