SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-528484296] ABB netCADOPS Web Application

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2018-02-20OtherABBİsmail Erkek of Barikat Internet Security reported this vulnerability to NCCIC.N/ACVE-2018-5477 N/AN/AN/A

Source

						
							
								
#
# ABB netCADOPS Web Application
#


### VULNERABLE VENDOR
ABB


### VULNERABLE PRODUCT
netCADOPS Web Application 


### RESEARCHER
İsmail Erkek of Barikat Internet Security reported this vulnerability to NCCIC.


### AFFECTED PRODUCTS
The following versions of netCADOPS Web Application, a web interface, are affected:

netCADOPS Web Application Version 3.4 and prior,
netCADOPS Web Application Version 7.1 and prior,
netCADOPS Web Application Version 7.2x and prior,
netCADOPS Web Application Version 8.0 and prior, and
netCADOPS Web Application Version 8.1 and prior


### IMPACT
Successful exploitation of this vulnerability could allow critical information about the database to be exposed.


### VULNERABILITY OVERVIEW
INFORMATION EXPOSURE CWE-200
A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information.
CVE-2018-5477 has been assigned to this vulnerability.
A CVSS v3 base score of 5.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)





### BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing, Energy
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Switzerland




### MITIGATION

ABB has released the following product updates to mitigate the vulnerability:

ADMS 3.4.34.6 Release 16, February 2018
ADMS 7.1.16.1 Release 16, February 2018
ADMS 7.2.10 Release 16, February 2018
ADMS 8.0.20 Release 16, February 2018
ADMS 8.1.7.1 Release 16, February 2018
Please see ABB Cyber Security Advisory number 9AKK107045A9236 for more information about this vulnerability:

http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A9592&LanguageCode=en&DocumentPartId=&Action=Launch