Vulnerability Details : CVE-2018-18995
Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses.
Products affected by CVE-2018-18995
- cpe:2.3:o:abb:gate-e1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:abb:gate-e2_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-18995
1.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-18995
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-18995
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2018-18995
-
http://www.securityfocus.com/bid/106247
ABB GATE-E2 ICSA-18-352-01 Authentication Bypass and Cross-site Scripting VulnerabilityThird Party Advisory;VDB Entry
-
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01
ABB GATE-E2 | CISAMitigation;Third Party Advisory;US Government Resource
Jump to