PT-2017-14535 · ABB · Ellipse

Published: 2017-12-20 · Updated: 2023-05-16 · CVE-2017-16731

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ABB Ellipse versions 8.3 through 8.9

Description

An issue with unprotected transport of credentials was found in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker who can sniff local network traffic can exploit this issue and potentially discover authentication credentials.

Recommendations

For ABB Ellipse versions 8.3 through 8.9, consider updating to a version released after December 2017 to resolve the issue. As a temporary workaround, restrict access to the local network to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2017-16731

Affected Products

Ellipse