Sign-up

ID

VAR-201808-0397


CVE

CVE-2018-14805


TITLE

ABB eSOMS Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-009815

DESCRIPTION

ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. ABB eSOMS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB eSOMS is a set of factory operation management system of Swiss ABB company. ABB eSOMS 6.0.2 version has an authorization vulnerability. Attackers can use this vulnerability to gain unauthorized access to the system. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks

Trust: 2.52

sources: NVD: CVE-2018-14805 // JVNDB: JVNDB-2018-009815 // CNVD: CNVD-2020-28496 // BID: 105169 // VULHUB: VHN-125001

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28496

AFFECTED PRODUCTS

vendor:abbmodel:esomsscope:eqversion:6.0.2

Trust: 2.3

vendor:hitachienergymodel:esomsscope:eqversion:6.0.2

Trust: 1.0

sources: CNVD: CNVD-2020-28496 // BID: 105169 // JVNDB: JVNDB-2018-009815 // CNNVD: CNNVD-201808-904 // NVD: CVE-2018-14805

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14805
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-14805
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-28496
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201808-904
value: CRITICAL

Trust: 0.6

VULHUB: VHN-125001
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-14805
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-28496
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-125001
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14805
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2020-28496 // VULHUB: VHN-125001 // JVNDB: JVNDB-2018-009815 // CNNVD: CNNVD-201808-904 // NVD: CVE-2018-14805

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-125001 // JVNDB: JVNDB-2018-009815 // NVD: CVE-2018-14805

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-904

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201808-904

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009815

PATCH
title:ABBVU-PGGA-2018030url:https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-009815

EXTERNAL IDS
db:ICS CERTid:ICSA-18-240-04
Trust: 3.4
db:NVDid:CVE-2018-14805
Trust: 3.4
db:BIDid:105169
Trust: 2.0
db:JVNDBid:JVNDB-2018-009815
Trust: 0.8
db:CNVDid:CNVD-2020-28496
Trust: 0.7
db:CNNVDid:CNNVD-201808-904
Trust: 0.7
db:SEEBUGid:SSVID-98908
Trust: 0.1
db:VULHUBid:VHN-125001
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-28496 // 
            
            
            
            VULHUB: VHN-125001 // 
            
            
            
            BID: 105169 // 
            
            
            
            JVNDB: JVNDB-2018-009815 // 
            
            
            
            CNNVD: CNNVD-201808-904 // 
            
            
            
            NVD: CVE-2018-14805

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-240-04
Trust: 3.4
url:http://www.securityfocus.com/bid/105169
Trust: 1.7
url:https://search.abb.com/library/download.aspx?documentid=9akk107046a5821&languagecode=en&documentpartid=&action=launch
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14805
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-14805
Trust: 0.8
url:http://www.abb.com/
Trust: 0.3
url:https://search.abb.com/library/download.aspx?documentid=9akk107046a5821&languagecode=en&documentpartid=&action=launch
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-28496 // 
            
            
            
            VULHUB: VHN-125001 // 
            
            
            
            BID: 105169 // 
            
            
            
            JVNDB: JVNDB-2018-009815 // 
            
            
            
            CNNVD: CNNVD-201808-904 // 
            
            
            
            NVD: CVE-2018-14805

CREDITS
ABB
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201808-904

SOURCES
db:CNVDid:CNVD-2020-28496
db:VULHUBid:VHN-125001
db:BIDid:105169
db:JVNDBid:JVNDB-2018-009815
db:CNNVDid:CNNVD-201808-904
db:NVDid:CVE-2018-14805

LAST UPDATE DATE
2024-11-23T22:45:15.523000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-28496date:2020-05-17T00:00:00
db:VULHUBid:VHN-125001date:2019-10-09T00:00:00
db:BIDid:105169date:2018-08-28T00:00:00
db:JVNDBid:JVNDB-2018-009815date:2018-11-29T00:00:00
db:CNNVDid:CNNVD-201808-904date:2019-10-17T00:00:00
db:NVDid:CVE-2018-14805date:2024-11-21T03:49:50.063

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-28496date:2020-05-17T00:00:00
db:VULHUBid:VHN-125001date:2018-08-29T00:00:00
db:BIDid:105169date:2018-08-28T00:00:00
db:JVNDBid:JVNDB-2018-009815date:2018-11-29T00:00:00
db:CNNVDid:CNNVD-201808-904date:2018-08-29T00:00:00
db:NVDid:CVE-2018-14805date:2018-08-29T16:29:00.217