Authentication bypass in GATE-E2 and GATE-E1 - CVE-2018-18995
Published: December 19, 2018
Vulnerability identifier: #VU16606
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-18995
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: ABB
Affected software:
GATE-E2
GATE-E1
GATE-E2
GATE-E1
Detailed vulnerability description
The disclosed vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due the devices do not allow authentication to be configured on administrative telnet or web interfaces. A remote attacker can bypass authentication to conduct device resets, read or modify registers, and change configuration settings such as IP addresses.
How to mitigate CVE-2018-18995
ABB will not be releasing updated firmware, as both GATE-E1 and GATE-E2 have reached end of life (EOL). ABB recommends implementing defense-in-depth principles to minimize the risk that vulnerabilities are exploited.
- Separate control system networks from other networks using firewall and managed switches that have minimal number of ports exposed.
- Physically protect control system from unauthorized personnel.
- Portable computers and removable storage should be scanned for viruses before connected to control system.