CVE-2018-18995

Name of the Vulnerable Software and Affected Versions Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions

Description The issue concerns the lack of authentication configuration on administrative telnet or web interfaces, which could enable various attack vectors. This includes conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses.

Recommendations For Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2, consider restricting access to the administrative telnet and web interfaces until a fix is available. As a temporary workaround, limit network exposure and implement additional security measures to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.