CVE-2018-18997

Summary

Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser.

Affected Software

VendorProductVersion RangeStatus
n/aABB GATE-E1 and GATE-E2All versionsaffected

Weaknesses

  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-Site Scripting') CWE-79

ADP Enrichment

CVE Program Container

Additional References

References