CVE-2018-18995

{"id": "CVE-2018-18995", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-01-03T22:29:00.247", "references": [{"url": "http://www.securityfocus.com/bid/106247", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses."}, {"lang": "es", "value": "Ninguna versi\u00f3n de los dispositivos Pluto Safety PLC Gateway Ethernet ABB GATE-E1 y GATE-E2permite la configuraci\u00f3n de la autenticaci\u00f3n en interfaces del administrador telnet o web, lo que podr\u00eda habilitar varios vectores de efectos, incluyendo el restablecimiento de dispositivos, la lectura o modificaci\u00f3n de registros y el cambio de los ajustes de configuraci\u00f3n, como pueden ser las direcciones IP."}], "lastModified": "2019-10-09T23:37:32.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:gate-e1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D27F9314-660C-46AC-91A6-14DD2AFB3518"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:gate-e1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5DCAE95B-195E-45A9-8A31-591EDCBF3B19"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:gate-e2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86C7ACA6-1367-41DB-8E60-D10EC94BAC14"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:gate-e2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C567806D-32A0-4A0C-BC55-F4BE4B721441"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}