ABB Fixes Web Application Hole

Tuesday, February 20, 2018 @ 01:02 PM gHale

ABB created updates to mitigate an information exposure vulnerability in its netCADOPS Web Application, according to a report from ICS-CERT.

Successful exploitation of this remotely exploitable vulnerability, discovered by İsmail Erkek, could allow exposure of critical information about the database.

The following versions of netCADOPS Web Application, a web interface, suffer from the issue:
• netCADOPS Web Application Version 3.4 and prior
• netCADOPS Web Application Version 7.1 and prior
• netCADOPS Web Application Version 7.2x and prior
• netCADOPS Web Application Version 8.0 and prior
• netCADOPS Web Application Version 8.1 and prior

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information.

CVE-2018-5477 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.8.

The product sees action mainly in the critical manufacturing and energy sectors. It also sees use on a global basis.

ABB released the following product updates to mitigate the vulnerability:
• ADMS Release 16
• ADMS Release 16
• ADMS 7.2.10 Release 16
• ADMS 8.0.20 Release 16
• ADMS Release 16

See ABB Cyber Security Advisory number 9AKK107045A9236 for more information about this vulnerability.
