CVE-2018-18995

Summary

Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses.

Affected Software

VendorProductVersion RangeStatus
n/aABB GATE-E1 and GATE-E2All versionsaffected

Weaknesses

  • CWE-306: Missing Authentication for Critical Function CWE-306

ADP Enrichment

CVE Program Container

Additional References

References