ABB has released an update to mitigate an unprotected transport of credentials vulnerability in its Ellipse product, according to a report from ICS-CERT.
The remotely exploitable vulnerability, which ABB self-reported, affects Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select).
Successful exploitation of this vulnerability could allow an attacker to discover authentication credentials by sniffing the network traffic.
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.
A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.
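As an added example (not from ABB or ICS-CERT), the Python code below shows how a defender could check traffic captured on their own network for the exposure described above: LDAP BindRequests that carry a password outside TLS. It assumes the exposure takes the form of an LDAP simple bind, which the report does not specify; all function names and sample payloads are constructed.

```python
# Added illustration: helper names and sample payloads are constructed.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(payload):
    """Classify an LDAP BindRequest; None if the payload is not one."""
    try:
        seq, msg, _ = read_tlv(payload, 0)      # LDAPMessage SEQUENCE
        mid, _, pos = read_tlv(msg, 0)          # messageID INTEGER
        op, bind, _ = read_tlv(msg, pos)        # protocolOp
        if (seq, mid, op) != (0x30, 0x02, 0x60):  # 0x60 = BindRequest
            return None
        _, _, pos = read_tlv(bind, 0)           # version
        _, dn, pos = read_tlv(bind, pos)        # bind DN
        auth, cred, _ = read_tlv(bind, pos)     # AuthenticationChoice
    except (ValueError, IndexError):
        return None
    method = {0x80: "simple", 0xA3: "sasl"}.get(auth, "other")
    # The secret is never returned, only whether one crossed the wire.
    return {"dn": dn.decode("utf-8", "replace"), "method": method,
            "cleartext_secret": method == "simple" and len(cred) > 0}

def audit(flows):
    """flows: (src, dst_port, payload) tuples; return exposed binds."""
    hits = [(src, port, classify_bind(data)) for src, port, data in flows]
    return [(s, p, i["dn"]) for s, p, i in hits if i and i["cleartext_secret"]]

def _tlv(tag, value):  # short-form encoder, used only to build samples
    return bytes([tag, len(value)]) + value

def _bind(dn, auth_tag, auth_value):
    body = _tlv(0x02, b"\x03") + _tlv(0x04, dn) + _tlv(auth_tag, auth_value)
    return _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x60, body))

DN = b"cn=svc-app,dc=example,dc=com"
SAMPLE_FLOWS = [  # constructed payloads, not captured traffic
    ("10.0.0.5", 389, _bind(DN, 0x80, b"not-a-real-secret")),
    ("10.0.0.6", 389, _bind(DN, 0xA3, _tlv(0x04, b"GSSAPI"))),
    ("10.0.0.7", 636, b"\x16\x03\x03\x00\x05hello"),  # TLS record
    ("10.0.0.8", 389, _bind(b"", 0x80, b"")),  # anonymous bind
]
```

A bind that parses at all was sent outside TLS; on LDAPS or after StartTLS the payload is a TLS record and `classify_bind` returns `None`.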
CVE-2017-16731 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.5.
The product is used mainly in the critical manufacturing and energy sectors, on a global basis.
Switzerland-based ABB released the following product updates to mitigate the vulnerability:
• Ellipse 8.5.26 Release 7
• Ellipse 8.6.21 Release 5
• Ellipse 8.7.18 Release 7
• Ellipse 8.8.12 Release 7
• Ellipse 8.9.6 Release 7
See ABB Cyber Security Advisory number Ellipse201703 for more information about this vulnerability, as well as additional mitigations and workarounds.