Unauthenticated Remote Code Execution in ABB GATE-E1 and GATE-E2 Ethernet Devices

Unauthenticated Remote Code Execution in ABB GATE-E1 and GATE-E2 Ethernet Devices

CVE-2018-18997 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser.

Learn more about our Web App Pen Testing.