CVE-2018-18997

Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser.
References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01 Mitigation Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/106247 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:abb:gate-e1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:gate-e1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:abb:gate-e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:abb:gate-e2:-:*:*:*:*:*:*:*

Information

Published : 2019-01-03 14:29

Updated : 2019-10-09 16:37


NVD link : CVE-2018-18997

Mitre link : CVE-2018-18997


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

abb

  • gate-e1
  • gate-e1_firmware
  • gate-e2_firmware
  • gate-e2