CVE-2018-18995

moderate-risk
Published 2019-01-03

Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses.

Do I need to act?

~
1.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Gate-E1 Firmware
Gate-E2 Firmware

Affected Vendors

Abb

References (4)

Third Party Advisory http://www.securityfocus.com/bid/106247
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01
Third Party Advisory http://www.securityfocus.com/bid/106247
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 4/34 · Minimal
Exposure 7/34 · Low