CVE-2018-14805
N/A
N/A
Summary
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ICS-CERT | ABB eSOMS | Version 6.0.2 | affected |
Weaknesses
- CWE-287: IMPROPER AUTHENTICATION CWE-287
ADP Enrichment
CVE Program Container
Additional References
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch
- https://ics-cert.us-cert.gov/advisories/ICSA-18-240-04
- http://www.securityfocus.com/bid/105169
References
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch
- https://ics-cert.us-cert.gov/advisories/ICSA-18-240-04
- http://www.securityfocus.com/bid/105169
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.