CVE-2018-18997

Name of the Vulnerable Software and Affected Versions Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions

Description The issue allows an unauthenticated attacker to insert an HTML/Javascript payload into device properties using the administrative web interface. This may enable the attacker to display or execute the payload in a visitor's browser.

Recommendations For all versions, consider restricting access to the administrative web interface to prevent unauthorized insertion of HTML/Javascript payloads. As a temporary workaround, monitor device properties for any suspicious payloads and remove them promptly to minimize potential risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.