ID

VAR-201802-0936


CVE

CVE-2018-5477


TITLE

ABB netCADOPS Web Application Information Disclosure Vulnerability

Trust: 1.4

sources: IVD: e2e414de-39ab-11e9-9907-000c29342cb1 // CNVD: CNVD-2018-03477 // CNNVD: CNNVD-201802-781

DESCRIPTION

An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.

Trust: 2.7

sources: NVD: CVE-2018-5477 // JVNDB: JVNDB-2018-002422 // CNVD: CNVD-2018-03477 // BID: 103089 // IVD: e2e414de-39ab-11e9-9907-000c29342cb1 // VULHUB: VHN-135508

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2e414de-39ab-11e9-9907-000c29342cb1 // CNVD: CNVD-2018-03477

AFFECTED PRODUCTS

vendor: abb, model: netcadops, scope: eq, version: 7.1

Trust: 1.6

vendor: abb, model: netcadops, scope: eq, version: 8.1

Trust: 1.6

vendor: abb, model: netcadops, scope: eq, version: 8.0

Trust: 1.6

vendor: abb, model: netcadops, scope: lt, version: 7.2.10

Trust: 1.0

vendor: abb, model: netcadops, scope: gte, version: 3.0

Trust: 1.0

vendor: abb, model: netcadops, scope: gte, version: 7.2.0

Trust: 1.0

vendor: abb, model: netcadops, scope: lte, version: 3.4

Trust: 1.0

vendor: abb, model: netcadops web application, scope: eq, version: 8.1

Trust: 0.9

vendor: abb, model: netcadops web application, scope: eq, version: 8.0

Trust: 0.9

vendor: abb, model: netcadops web application, scope: eq, version: 7.20

Trust: 0.9

vendor: abb, model: netcadops web application, scope: eq, version: 7.1

Trust: 0.9

vendor: abb, model: netcadops web application, scope: eq, version: 3.4

Trust: 0.9

vendor: abb, model: netcadops, scope: -, version: -

Trust: 0.8

vendor: netcadops, model: -, scope: eq, version: *

Trust: 0.4

vendor: abb, model: netcadops web application, scope: ne, version: 8.0.20

Trust: 0.3

vendor: abb, model: netcadops web application, scope: ne, version: 7.2.10

Trust: 0.3

vendor: abb, model: netcadops web application, scope: ne, version: 8.1.7.1

Trust: 0.3

vendor: abb, model: netcadops web application, scope: ne, version: 7.1.16.1

Trust: 0.3

vendor: abb, model: netcadops web application, scope: ne, version: 3.4.34.6

Trust: 0.3

vendor: netcadops, model: -, scope: eq, version: 7.1

Trust: 0.2

vendor: netcadops, model: -, scope: eq, version: 8.0

Trust: 0.2

vendor: netcadops, model: -, scope: eq, version: 8.1

sources: IVD: e2e414de-39ab-11e9-9907-000c29342cb1 // CNVD: CNVD-2018-03477 // BID: 103089 // JVNDB: JVNDB-2018-002422 // CNNVD: CNNVD-201802-781 // NVD: CVE-2018-5477

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5477
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-5477
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-03477
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201802-781
value: MEDIUM

Trust: 0.6

IVD: e2e414de-39ab-11e9-9907-000c29342cb1
value: MEDIUM

Trust: 0.2

VULHUB: VHN-135508
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-5477
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-03477
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e414de-39ab-11e9-9907-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-135508
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5477
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: IVD: e2e414de-39ab-11e9-9907-000c29342cb1 // CNVD: CNVD-2018-03477 // VULHUB: VHN-135508 // JVNDB: JVNDB-2018-002422 // CNNVD: CNNVD-201802-781 // NVD: CVE-2018-5477

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-135508 // JVNDB: JVNDB-2018-002422 // NVD: CVE-2018-5477

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-781

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201802-781

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002422

PATCH

title: Top Page, url: http://new.abb.com/

Trust: 0.8

title: ABB netCADOPS Web Application Information Disclosure Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/117911

Trust: 0.6

title: ABB netCADOPS Web Application Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100254

Trust: 0.6

sources: CNVD: CNVD-2018-03477 // JVNDB: JVNDB-2018-002422 // CNNVD: CNNVD-201802-781

EXTERNAL IDS

db: NVD, id: CVE-2018-5477

Trust: 3.6

db: ICS CERT, id: ICSA-18-051-01

Trust: 3.4

db: BID, id: 103089

Trust: 2.6

db: CNNVD, id: CNNVD-201802-781

Trust: 0.9

db: CNVD, id: CNVD-2018-03477

Trust: 0.8

db: JVNDB, id: JVNDB-2018-002422

Trust: 0.8

db: IVD, id: E2E414DE-39AB-11E9-9907-000C29342CB1

Trust: 0.2

db: SEEBUG, id: SSVID-99008

Trust: 0.1

db: VULHUB, id: VHN-135508

Trust: 0.1

sources: IVD: e2e414de-39ab-11e9-9907-000c29342cb1 // CNVD: CNVD-2018-03477 // VULHUB: VHN-135508 // BID: 103089 // JVNDB: JVNDB-2018-002422 // CNNVD: CNNVD-201802-781 // NVD: CVE-2018-5477

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-18-051-01

Trust: 3.4

url: http://www.securityfocus.com/bid/103089

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5477

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-5477

Trust: 0.8

url: http://www.abb.com/

Trust: 0.3

sources: CNVD: CNVD-2018-03477 // VULHUB: VHN-135508 // BID: 103089 // JVNDB: JVNDB-2018-002422 // CNNVD: CNNVD-201802-781 // NVD: CVE-2018-5477

CREDITS

Ismail Erkek

Trust: 0.3

sources: BID: 103089

SOURCES

db: IVD, id: e2e414de-39ab-11e9-9907-000c29342cb1
db: CNVD, id: CNVD-2018-03477
db: VULHUB, id: VHN-135508
db: BID, id: 103089
db: JVNDB, id: JVNDB-2018-002422
db: CNNVD, id: CNNVD-201802-781
db: NVD, id: CVE-2018-5477

LAST UPDATE DATE

2024-11-23T23:08:46.702000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-03477, date: 2018-02-26T00:00:00
db: VULHUB, id: VHN-135508, date: 2019-10-09T00:00:00
db: BID, id: 103089, date: 2018-02-20T00:00:00
db: JVNDB, id: JVNDB-2018-002422, date: 2018-04-11T00:00:00
db: CNNVD, id: CNNVD-201802-781, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-5477, date: 2024-11-21T04:08:52.830

SOURCES RELEASE DATE

db: IVD, id: e2e414de-39ab-11e9-9907-000c29342cb1, date: 2018-02-26T00:00:00
db: CNVD, id: CNVD-2018-03477, date: 2018-02-26T00:00:00
db: VULHUB, id: VHN-135508, date: 2018-02-20T00:00:00
db: BID, id: 103089, date: 2018-02-20T00:00:00
db: JVNDB, id: JVNDB-2018-002422, date: 2018-04-11T00:00:00
db: CNNVD, id: CNNVD-201802-781, date: 2018-02-20T00:00:00
db: NVD, id: CVE-2018-5477, date: 2018-02-20T19:29:00.273