VAR-201901-0861
Vulnerability from variot - Updated: 2023-12-18 12:28Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses. ABB GATE-E1 and GATE-E2 Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB GATE-E2 is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information; other attacks may also be possible. Both ABB GATE-E1 and GATE-E2 are Ethernet gateway devices of Swiss ABB Company. A security vulnerability exists in ABB GATE-E1 (EOL 2013) and GATE-E2 (EOL OCT 2018), which stems from the fact that the device does not allow authentication to be configured on the management telnet or web interface. An attacker could exploit this vulnerability to reset the device, read or modify the registry, and modify configuration settings such as the IP address
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0861",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gate-e1",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "*"
},
{
"model": "gate-e2",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "*"
},
{
"model": "gate-e1",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "gate-e2",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "gate-e2",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "gate-e1",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "106247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"db": "NVD",
"id": "CVE-2018-18995"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:gate-e1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:gate-e1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:gate-e2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:gate-e2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18995"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nelson Berg of Applied Risk",
"sources": [
{
"db": "BID",
"id": "106247"
}
],
"trust": 0.3
},
"cve": "CVE-2018-18995",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-18995",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-129610",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-18995",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-18995",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-790",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-129610",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129610"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"db": "NVD",
"id": "CVE-2018-18995"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses. ABB GATE-E1 and GATE-E2 Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB GATE-E2 is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. \nAttackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information; other attacks may also be possible. Both ABB GATE-E1 and GATE-E2 are Ethernet gateway devices of Swiss ABB Company. A security vulnerability exists in ABB GATE-E1 (EOL 2013) and GATE-E2 (EOL OCT 2018), which stems from the fact that the device does not allow authentication to be configured on the management telnet or web interface. An attacker could exploit this vulnerability to reset the device, read or modify the registry, and modify configuration settings such as the IP address",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18995"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"db": "BID",
"id": "106247"
},
{
"db": "VULHUB",
"id": "VHN-129610"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-18-352-01",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2018-18995",
"trust": 2.8
},
{
"db": "BID",
"id": "106247",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-790",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "42290",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-129610",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129610"
},
{
"db": "BID",
"id": "106247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"db": "NVD",
"id": "CVE-2018-18995"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
]
},
"id": "VAR-201901-0861",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-129610"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:28:33.035000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129610"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"db": "NVD",
"id": "CVE-2018-18995"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-352-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/106247"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18995"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18995"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/42290"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.3,
"url": "https://search-ext.abb.com/library/download.aspx?documentid=2cmt2018-005753\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.3,
"url": "https://search-ext.abb.com/library/download.aspx?documentid=2cmt2018-005751\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129610"
},
{
"db": "BID",
"id": "106247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"db": "NVD",
"id": "CVE-2018-18995"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-129610"
},
{
"db": "BID",
"id": "106247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"db": "NVD",
"id": "CVE-2018-18995"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-03T00:00:00",
"db": "VULHUB",
"id": "VHN-129610"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "106247"
},
{
"date": "2019-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"date": "2019-01-03T22:29:00.247000",
"db": "NVD",
"id": "CVE-2018-18995"
},
{
"date": "2018-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-129610"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "106247"
},
{
"date": "2019-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"date": "2019-10-09T23:37:32.757000",
"db": "NVD",
"id": "CVE-2018-18995"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB GATE-E1 and GATE-E2 Vulnerabilities related to lack of authentication for critical functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…