CVE-2018-5477 MEDIUM

Published: 2018-02-20 | Last Modified: 2026-06-17 | Status: Modified

Description

An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information.

Additional Descriptions (1)

Se ha descubierto un problema de exposición de información en ABB netCADOPS Web Application en versiones 3.4 y anteriores, versiones 7.1 y anteriores, versiones 7.2x y anteriores, versiones 8.0 y anteriores y versiones 8.1 y anteriores. Existe una vulnerabilidad en la sección de introducción de contraseñas de netCADOPS Web Application que podría exponer datos críticos de la base de datos.

CVSS Metrics

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-200
[email protected]	Primary	en CWE-200

Affected Products

Vendor	Product	Version	Update	Type
abb	netcadops	*	<built-in method update of dict object at 0x72a9cc6994c0>	Application
abb	netcadops	*	<built-in method update of dict object at 0x72a9cc698e40>	Application
abb	netcadops	7.1	<built-in method update of dict object at 0x72a9cd06c740>	Application
abb	netcadops	8.0	<built-in method update of dict object at 0x72a9e4155500>	Application
abb	netcadops	8.1	<built-in method update of dict object at 0x72a9cd06ef40>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:abb:netcadops::::::::`
Yes	`cpe:2.3:a:abb:netcadops::::::::`
Yes	`cpe:2.3:a:abb:netcadops:7.1:::::::*`
Yes	`cpe:2.3:a:abb:netcadops:8.0:::::::*`
Yes	`cpe:2.3:a:abb:netcadops:8.1:::::::*`

References

http://www.securityfocus.com/bid/103089
Source: [email protected]

Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01
Source: [email protected]

Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/103089
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource