- Description
- Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:gate-e1_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D27F9314-660C-46AC-91A6-14DD2AFB3518"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:gate-e1:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5DCAE95B-195E-45A9-8A31-591EDCBF3B19"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abb:gate-e2_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86C7ACA6-1367-41DB-8E60-D10EC94BAC14"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abb:gate-e2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C567806D-32A0-4A0C-BC55-F4BE4B721441"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]