ABB is still working on a fix for a missing authentication for critical functions vulnerability and a persistent cross-site scripting vulnerability in the ABB GATE E1 and the ABB GATE E2, a security researcher said.
The ABB GATE E1/E2 Pluto Gateway units provide two-way communication between a Pluto Safety PLC and other field buses.
Exploitation of these vulnerabilities may allow an attacker to compromise the availability of the device or compromise the web browser of an administrator visiting the web portal. These findings include a total lack of authentication for the administrative interfaces on the device, as well as an unauthenticated persistent cross-site scripting vulnerability, said Applied Risk security researcher Nelson Berg, who discovered the issues. Applied Risk has worked alongside the manufacturer in the responsible disclosure process.
The device is commonly used in a range of industries such as oil and gas, manufacturing, chemicals, and power.
In one vulnerability, the devices do not allow authentication to be configured on their administrative telnet/web interface. Access to the administrative interface allows attackers to compromise the availability of the device by continuously resetting it, and to compromise its integrity and confidentiality by modifying or reading registers and by changing configuration such as the device’s IP address.
Applied Risk calculated a CVSS v3 base score of 9.8 for the missing authentication for critical functions vulnerability.
For the persistent cross-site scripting issue, there is a CVSS v3 base score of 7.1.
“Because no authentication functionality is implemented on any administrative interface, attackers are able to compromise the availability of the device, by continuously resetting the device and the integrity/confidentiality of the device, by modifying/reading registers and allowing for the change of configuration such as the device’s IP address,” Berg said in a post.
No official patch has been released for GATE-E1 or GATE-E2 devices.