SB2018082904 - Authentication bypass in ABB eSOMS
Published: August 29, 2018
Description
This security bulletin contains information about 1 vulnerability.
1) Improper authentication (CVE-ID: CVE-2018-14805)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass authentication on the target system.
The vulnerability exists due to improper authentication. A remote unauthenticated attacker can gain unauthorized access to the system when LDAP is set to allow anonymous authentication and specific key values are present in the eSOMS web.config file.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.