Security experts at Applied Risk
The security firm published a security advisory that provides technical details for two vulnerabilities in the ABB Pluto Gateway products GATE-E1 and GATE-E2.
The ABB gateway solutions allow ABB PLCs to communicate with other control systems.
“Two vulnerabilities were found in the ABB GATE E1/E2 devices. These findings include a total
“As a result of these findings, ABB has put the GATE-E2 in End-of-Life. The E1 device was already in EoL.”
The devices do not implement authentication on their administrative telnet/web interface, which could be exploited to change device settings and cause a DoS condition by continuously resetting the product.
Applied Risk assigned the flaws a CVSS v3 base score of 9.8.
Experts also discovered a persistent cross-site scripting (XSS) flaw that could be exploited by an attacker to inject malicious code via the administrative HTTP and telnet interfaces. The malicious code is executed when a legitimate admin accesses the device’s web portal. The flaw has been given a severity rating of “high.”
The good news is that the experts are not aware of attacks exploiting the flaws in the wild.
(SecurityAffairs – PLC Gateways, hacking)