Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for gate-e1 by abb
VAR-201901-0862
Vulnerability from variot - Updated: 2023-12-18 12:28Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser. ABB GATE-E1 and GATE-E2 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ABBGATE-E1 and GATE-E2 are Ethernet gateway devices from ABB, Switzerland. A cross-site scripting vulnerability exists in ABBGATE-E1 (EOL2013) and GATE-E2 (EOLOCT2018) that can be exploited by remote attackers to inject HTML/Javascript payloads into arbitrary device properties and display them in the guest's browser. Execution load. Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information; other attacks may also be possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0862",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gate-e1",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "*"
},
{
"model": "gate-e2",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "*"
},
{
"model": "gate-e1",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "gate-e2",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "gate-e1 eol",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "2013"
},
{
"model": "gate-e2 eol oct",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "2018"
},
{
"model": "gate-e2",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "gate-e1",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gate e1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gate e2",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d82aa30-463f-11e9-811d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25910"
},
{
"db": "BID",
"id": "106247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014107"
},
{
"db": "NVD",
"id": "CVE-2018-18997"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:gate-e1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:gate-e1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:gate-e2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:gate-e2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18997"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nelson Berg of Applied Risk",
"sources": [
{
"db": "BID",
"id": "106247"
}
],
"trust": 0.3
},
"cve": "CVE-2018-18997",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-18997",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-25910",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d82aa30-463f-11e9-811d-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-129612",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-18997",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-18997",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-25910",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-791",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d82aa30-463f-11e9-811d-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-129612",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d82aa30-463f-11e9-811d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25910"
},
{
"db": "VULHUB",
"id": "VHN-129612"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014107"
},
{
"db": "NVD",
"id": "CVE-2018-18997"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-791"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser. ABB GATE-E1 and GATE-E2 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ABBGATE-E1 and GATE-E2 are Ethernet gateway devices from ABB, Switzerland. A cross-site scripting vulnerability exists in ABBGATE-E1 (EOL2013) and GATE-E2 (EOLOCT2018) that can be exploited by remote attackers to inject HTML/Javascript payloads into arbitrary device properties and display them in the guest\u0027s browser. Execution load. \nAttackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information; other attacks may also be possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18997"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014107"
},
{
"db": "CNVD",
"id": "CNVD-2018-25910"
},
{
"db": "BID",
"id": "106247"
},
{
"db": "IVD",
"id": "7d82aa30-463f-11e9-811d-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-129612"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-18997",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-352-01",
"trust": 3.4
},
{
"db": "BID",
"id": "106247",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201812-791",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-25910",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014107",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "42289",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D82AA30-463F-11E9-811D-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-129612",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d82aa30-463f-11e9-811d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25910"
},
{
"db": "VULHUB",
"id": "VHN-129612"
},
{
"db": "BID",
"id": "106247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014107"
},
{
"db": "NVD",
"id": "CVE-2018-18997"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-791"
}
]
},
"id": "VAR-201901-0862",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d82aa30-463f-11e9-811d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25910"
},
{
"db": "VULHUB",
"id": "VHN-129612"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d82aa30-463f-11e9-811d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25910"
}
]
},
"last_update_date": "2023-12-18T12:28:33.069000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014107"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129612"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014107"
},
{
"db": "NVD",
"id": "CVE-2018-18997"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-352-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/106247"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18997"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18997"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/42289"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.3,
"url": "https://search-ext.abb.com/library/download.aspx?documentid=2cmt2018-005753\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.3,
"url": "https://search-ext.abb.com/library/download.aspx?documentid=2cmt2018-005751\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-25910"
},
{
"db": "VULHUB",
"id": "VHN-129612"
},
{
"db": "BID",
"id": "106247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014107"
},
{
"db": "NVD",
"id": "CVE-2018-18997"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-791"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d82aa30-463f-11e9-811d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25910"
},
{
"db": "VULHUB",
"id": "VHN-129612"
},
{
"db": "BID",
"id": "106247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014107"
},
{
"db": "NVD",
"id": "CVE-2018-18997"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-791"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-20T00:00:00",
"db": "IVD",
"id": "7d82aa30-463f-11e9-811d-000c29342cb1"
},
{
"date": "2018-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-25910"
},
{
"date": "2019-01-03T00:00:00",
"db": "VULHUB",
"id": "VHN-129612"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "106247"
},
{
"date": "2019-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014107"
},
{
"date": "2019-01-03T22:29:00.293000",
"db": "NVD",
"id": "CVE-2018-18997"
},
{
"date": "2018-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-791"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-25910"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-129612"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "106247"
},
{
"date": "2019-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014107"
},
{
"date": "2019-10-09T23:37:33.037000",
"db": "NVD",
"id": "CVE-2018-18997"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-791"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-791"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB GATE-E1 and GATE-E2 Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014107"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-791"
}
],
"trust": 0.6
}
}
VAR-201901-0861
Vulnerability from variot - Updated: 2023-12-18 12:28Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses. ABB GATE-E1 and GATE-E2 Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB GATE-E2 is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information; other attacks may also be possible. Both ABB GATE-E1 and GATE-E2 are Ethernet gateway devices of Swiss ABB Company. A security vulnerability exists in ABB GATE-E1 (EOL 2013) and GATE-E2 (EOL OCT 2018), which stems from the fact that the device does not allow authentication to be configured on the management telnet or web interface. An attacker could exploit this vulnerability to reset the device, read or modify the registry, and modify configuration settings such as the IP address
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0861",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gate-e1",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "*"
},
{
"model": "gate-e2",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "*"
},
{
"model": "gate-e1",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "gate-e2",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "gate-e2",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
},
{
"model": "gate-e1",
"scope": "eq",
"trust": 0.3,
"vendor": "abb",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "106247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"db": "NVD",
"id": "CVE-2018-18995"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:gate-e1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:gate-e1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abb:gate-e2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abb:gate-e2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18995"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nelson Berg of Applied Risk",
"sources": [
{
"db": "BID",
"id": "106247"
}
],
"trust": 0.3
},
"cve": "CVE-2018-18995",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-18995",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-129610",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-18995",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-18995",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-790",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-129610",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129610"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"db": "NVD",
"id": "CVE-2018-18995"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses. ABB GATE-E1 and GATE-E2 Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB GATE-E2 is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. \nAttackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information; other attacks may also be possible. Both ABB GATE-E1 and GATE-E2 are Ethernet gateway devices of Swiss ABB Company. A security vulnerability exists in ABB GATE-E1 (EOL 2013) and GATE-E2 (EOL OCT 2018), which stems from the fact that the device does not allow authentication to be configured on the management telnet or web interface. An attacker could exploit this vulnerability to reset the device, read or modify the registry, and modify configuration settings such as the IP address",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18995"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"db": "BID",
"id": "106247"
},
{
"db": "VULHUB",
"id": "VHN-129610"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-18-352-01",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2018-18995",
"trust": 2.8
},
{
"db": "BID",
"id": "106247",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-790",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "42290",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-129610",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129610"
},
{
"db": "BID",
"id": "106247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"db": "NVD",
"id": "CVE-2018-18995"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
]
},
"id": "VAR-201901-0861",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-129610"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:28:33.035000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://new.abb.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129610"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"db": "NVD",
"id": "CVE-2018-18995"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-352-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/106247"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18995"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18995"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/42290"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.3,
"url": "https://search-ext.abb.com/library/download.aspx?documentid=2cmt2018-005753\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.3,
"url": "https://search-ext.abb.com/library/download.aspx?documentid=2cmt2018-005751\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129610"
},
{
"db": "BID",
"id": "106247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"db": "NVD",
"id": "CVE-2018-18995"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-129610"
},
{
"db": "BID",
"id": "106247"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"db": "NVD",
"id": "CVE-2018-18995"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-03T00:00:00",
"db": "VULHUB",
"id": "VHN-129610"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "106247"
},
{
"date": "2019-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"date": "2019-01-03T22:29:00.247000",
"db": "NVD",
"id": "CVE-2018-18995"
},
{
"date": "2018-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-129610"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "106247"
},
{
"date": "2019-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014106"
},
{
"date": "2019-10-09T23:37:32.757000",
"db": "NVD",
"id": "CVE-2018-18995"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB GATE-E1 and GATE-E2 Vulnerabilities related to lack of authentication for critical functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014106"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-790"
}
],
"trust": 0.6
}
}