Unauthenticated Remote Code Execution in ABB GATE-E1 and GATE-E2 Ethernet Devices
CVE-2018-18997 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser.
Learn more about our Web App Pen Testing.