Details of VAR-201901-0862

ID

VAR-201901-0862

CVE

CVE-2018-18997

TITLE

ABB GATE-E1 and GATE-E2 Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-014107

DESCRIPTION

Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser. ABB GATE-E1 and GATE-E2 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ABBGATE-E1 and GATE-E2 are Ethernet gateway devices from ABB, Switzerland. A cross-site scripting vulnerability exists in ABBGATE-E1 (EOL2013) and GATE-E2 (EOLOCT2018) that can be exploited by remote attackers to inject HTML/Javascript payloads into arbitrary device properties and display them in the guest's browser. Execution load. Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information; other attacks may also be possible

Trust: 2.7

sources: NVD: CVE-2018-18997 // JVNDB: JVNDB-2018-014107 // CNVD: CNVD-2018-25910 // BID: 106247 // IVD: 7d82aa30-463f-11e9-811d-000c29342cb1 // VULHUB: VHN-129612

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 7d82aa30-463f-11e9-811d-000c29342cb1 // CNVD: CNVD-2018-25910

AFFECTED PRODUCTS

vendor:	abb	model:	gate-e2	scope:	eq	version:	*	Trust: 1.0
vendor:	abb	model:	gate-e1	scope:	eq	version:	*	Trust: 1.0
vendor:	abb	model:	gate-e1	scope:	-	version:	-	Trust: 0.8
vendor:	abb	model:	gate-e2	scope:	-	version:	-	Trust: 0.8
vendor:	abb	model:	gate-e1 eol	scope:	eq	version:	2013	Trust: 0.6
vendor:	abb	model:	gate-e2 eol oct	scope:	eq	version:	2018	Trust: 0.6
vendor:	abb	model:	gate-e2	scope:	eq	version:	0	Trust: 0.3
vendor:	abb	model:	gate-e1	scope:	eq	version:	0	Trust: 0.3
vendor:	gate e1	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	gate e2	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 7d82aa30-463f-11e9-811d-000c29342cb1 // CNVD: CNVD-2018-25910 // BID: 106247 // JVNDB: JVNDB-2018-014107 // NVD: CVE-2018-18997

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-18997
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-18997
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-25910
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201812-791
value:	MEDIUM
Trust: 0.6
IVD:	7d82aa30-463f-11e9-811d-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-129612
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-18997
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-25910
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d82aa30-463f-11e9-811d-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-129612
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-18997
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: IVD: 7d82aa30-463f-11e9-811d-000c29342cb1 // CNVD: CNVD-2018-25910 // VULHUB: VHN-129612 // JVNDB: JVNDB-2018-014107 // CNNVD: CNNVD-201812-791 // NVD: CVE-2018-18997

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-129612 // JVNDB: JVNDB-2018-014107 // NVD: CVE-2018-18997

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-791

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201812-791

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014107

PATCH

title:

Top Page

url:

https://new.abb.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-014107

EXTERNAL IDS

db:	NVD	id:	CVE-2018-18997	Trust: 3.6
db:	ICS CERT	id:	ICSA-18-352-01	Trust: 3.4
db:	BID	id:	106247	Trust: 2.0
db:	CNNVD	id:	CNNVD-201812-791	Trust: 0.9
db:	CNVD	id:	CNVD-2018-25910	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-014107	Trust: 0.8
db:	NSFOCUS	id:	42289	Trust: 0.6
db:	IVD	id:	7D82AA30-463F-11E9-811D-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-129612	Trust: 0.1

sources: IVD: 7d82aa30-463f-11e9-811d-000c29342cb1 // CNVD: CNVD-2018-25910 // VULHUB: VHN-129612 // BID: 106247 // JVNDB: JVNDB-2018-014107 // CNNVD: CNNVD-201812-791 // NVD: CVE-2018-18997

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-352-01	Trust: 3.4
url:	http://www.securityfocus.com/bid/106247	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18997	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18997	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/42289	Trust: 0.6
url:	http://www.abb.com/	Trust: 0.3
url:	https://search-ext.abb.com/library/download.aspx?documentid=2cmt2018-005753&languagecode=en&documentpartid=&action=launch	Trust: 0.3
url:	https://search-ext.abb.com/library/download.aspx?documentid=2cmt2018-005751&languagecode=en&documentpartid=&action=launch	Trust: 0.3

sources: CNVD: CNVD-2018-25910 // VULHUB: VHN-129612 // BID: 106247 // JVNDB: JVNDB-2018-014107 // CNNVD: CNNVD-201812-791 // NVD: CVE-2018-18997

CREDITS

Nelson Berg of Applied Risk

Trust: 0.3

sources: BID: 106247

SOURCES

db:	IVD	id:	7d82aa30-463f-11e9-811d-000c29342cb1
db:	CNVD	id:	CNVD-2018-25910
db:	VULHUB	id:	VHN-129612
db:	BID	id:	106247
db:	JVNDB	id:	JVNDB-2018-014107
db:	CNNVD	id:	CNNVD-201812-791
db:	NVD	id:	CVE-2018-18997

LAST UPDATE DATE

2024-11-23T22:26:04.517000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-25910	date:	2018-12-20T00:00:00
db:	VULHUB	id:	VHN-129612	date:	2019-10-09T00:00:00
db:	BID	id:	106247	date:	2018-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-014107	date:	2019-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201812-791	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-18997	date:	2024-11-21T03:57:00.680

SOURCES RELEASE DATE

db:	IVD	id:	7d82aa30-463f-11e9-811d-000c29342cb1	date:	2018-12-20T00:00:00
db:	CNVD	id:	CNVD-2018-25910	date:	2018-12-20T00:00:00
db:	VULHUB	id:	VHN-129612	date:	2019-01-03T00:00:00
db:	BID	id:	106247	date:	2018-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-014107	date:	2019-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201812-791	date:	2018-12-19T00:00:00
db:	NVD	id:	CVE-2018-18997	date:	2019-01-03T22:29:00.293