Main Vulnerability Database Vulnerabilities #VU16609

Authentication bypass in M2M ETHERNET FW - CVE-2018-17926

Published: December 19, 2018

Vulnerability identifier: #VU16609

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-17926

CWE-ID: CWE-287

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: ABB

Affected software:
M2M ETHERNET FW

Detailed vulnerability description

The vulnerability allows an adjacent attacker to bypass authentication on the target system.

The vulnerability exists due to improper authentication. An adjacent attacker can bypass the user authentication mechanism and upload a malicious language file.

How to mitigate CVE-2018-17926

Install update from vendor's website.

Sources

http://search.abb.com/library/Download.aspx?DocumentID=ABBVU-EPBP-R-5672&LanguageCode=en&DocumentPartId=2CSG299903R4052&Action=Launch

Authentication bypass in M2M ETHERNET FW - CVE-2018-17926

Detailed vulnerability description

How to mitigate CVE-2018-17926

Sources

Please verify you're human