Login Sign Up

CVE-2018-18995

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

CVE-2018-18995 is a critical authentication bypass vulnerability affecting ABB GATE-E1 and GATE-E2 PLC Gateway Ethernet devices. It allows unauthenticated attackers to access administrative interfaces via telnet or web, enabling device resets, configuration changes, and register manipulation. This affects all versions of these industrial control system devices.

💻 Affected Systems

Products:
  • ABB GATE-E1
  • ABB GATE-E2
Versions: All versions
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices ship with vulnerable configuration; no authentication can be configured on administrative interfaces.

📦 What is this software?

Gate E1 Firmware by Abb

View all CVEs affecting Gate E1 Firmware →

Gate E2 Firmware by Abb

View all CVEs affecting Gate E2 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of industrial control systems leading to physical process disruption, safety system manipulation, or production shutdown.

🟠

Likely Case

Unauthorized configuration changes, IP address modification, or device resets causing operational disruption.

🟢

If Mitigated

Limited impact if devices are isolated behind firewalls with strict network segmentation.

🌐 Internet-Facing: HIGH - Direct internet exposure allows complete remote compromise without authentication.
🏢 Internal Only: HIGH - Even internally, any network access allows full administrative control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only network access to telnet (port 23) or web interface (port 80).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None available

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-18-352-01

Restart Required: No

Instructions:

No official patch exists. Follow workarounds and mitigation steps below.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices in separate VLANs with strict firewall rules.

Access Control Lists

all

Implement network ACLs to restrict access to administrative interfaces.

🧯 If You Can't Patch

  • Physically isolate devices from untrusted networks
  • Implement strict network monitoring and alerting for access attempts

🔍 How to Verify

Check if Vulnerable:

Attempt telnet connection to port 23 or HTTP connection to port 80 without credentials; if access is granted, device is vulnerable.

Check Version:

Check device label or web interface for model and version information.

Verify Fix Applied:

Verify network segmentation prevents unauthorized access to administrative interfaces.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to administrative interfaces
  • Configuration changes from unauthorized IPs

Network Indicators:

  • Telnet connections to port 23 from unauthorized sources
  • HTTP requests to administrative pages without authentication

SIEM Query:

source_port=23 OR dest_port=23 AND NOT src_ip IN [authorized_ips]

📊 Metadata

CVE ID: CVE-2018-18995
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-306
Published: January 3, 2019
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2018-18995, you might also want to check these:

CVE-2019-11061 10.0

CVE-2019-11061 is a critical authentication bypass vulnerability in HG100 firmware that allows attac...

Same vulnerability type (CWE-306)
CVE-2025-32433 10.0

This CVE describes a critical vulnerability in Erlang/OTP's SSH server that allows unauthenticated r...

Same vulnerability type (CWE-306)
CVE-2026-23693 10.0

The ElementsKit Lite WordPress plugin versions before 3.7.9 expose an unauthenticated REST endpoint ...

Same vulnerability type (CWE-306)