CVE-2018-18995 — CRITICAL (9.8)

Vulnerability Description

Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Abb	Gate-E1 Firmware	All versions
Abb	Gate-E1	-
Abb	Gate-E2 Firmware	All versions
Abb	Gate-E2	-

Related Weaknesses (CWE)

CWE-306

References

http://www.securityfocus.com/bid/106247Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01MitigationThird Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/106247Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01MitigationThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-18995?

CVE-2018-18995 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effec...

How severe is CVE-2018-18995?

CVE-2018-18995 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-18995?

Check the references section above for vendor advisories and patch information. Affected products include: Abb Gate-E1 Firmware, Abb Gate-E1, Abb Gate-E2 Firmware, Abb Gate-E2.