ABB created updates to mitigate an information exposure vulnerability in its netCADOPS Web Application, according to a report with ICS-CERT.
Successful exploitation of this remotely exploitable vulnerability, discovered by İsmail Erkek, could allow exposure of critical information about the database.
The following versions of netCADOPS Web Application, a web interface, are affected:
• netCADOPS Web Application Version 3.4 and prior
• netCADOPS Web Application Version 7.1 and prior
• netCADOPS Web Application Version 7.2x and prior
• netCADOPS Web Application Version 8.0 and prior
• netCADOPS Web Application Version 8.1 and prior
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could exploit it.
A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information.
CVE-2018-5477 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.8.
The product is used mainly in the critical manufacturing and energy sectors, and it is deployed on a global basis.
ABB released the following product updates to mitigate the vulnerability:
• ADMS 188.8.131.52 Release 16
• ADMS 184.108.40.206 Release 16
• ADMS 7.2.10 Release 16
• ADMS 8.0.20 Release 16
• ADMS 220.127.116.11 Release 16
See ABB Cyber Security Advisory number 9AKK107045A9236 for more information about this vulnerability.