CVE-2018-14805

critical

Description

ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability.

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch

https://ics-cert.us-cert.gov/advisories/ICSA-18-240-04

http://www.securityfocus.com/bid/105169

Details

Source: Mitre, NVD

Published: 2018-08-29

Updated: 2023-05-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics