ICSA-18-240-04
·
Published 2018-10-02
ABB eSOMS (Update A)
CVSS 9.8
CRITICAL
Risk Summary
Successful exploitation of this vulnerability requires an attacker to discover a valid user account name; with that name alone, and no password, the attacker could gain access to the application. The underlying weakness is the LDAP "unauthenticated authentication" simple bind (RFC 4513 section 5.1.2): a bind request carrying a non-empty name and an empty password is accepted by many directory servers as an anonymous bind, so an application that treats any successful bind as proof of identity can be logged into with a username only.
CVEs (1)
Remediations
- ABB has released eSOMS version 6.0.3, which addresses this vulnerability. Please contact an ABB Global Customer Care Customer Advocate ([email protected]) with any questions or for more information about the release.
- Users running eSOMS Version 6.0.2 should ensure “Unauthenticated Authentication” (anonymous bind) is disabled in the LDAP configuration settings. In the eSOMS web.config file, ensure only the following key values are populated: “LDAP_Path,” “LDAP_User_Search,” and “LDAP_SSL_Enabled.” The remaining LDAP related key values are reserved for non-standard LDAP server configurations and are not normally required.
- Users should contact ABB global customer care (GCC) for further guidance if they experience issues with implementing LDAP authentication using only the previously mentioned key values.
- Users can find more information in ABB's security advisory ABBVU-PGGA-2018030 at the following location:
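The following is an added example, not ABB's code and not part of the CISA advisory. It does two things the remediation above asks an operator to verify: it audits an eSOMS-style web.config for populated LDAP keys other than "LDAP_Path", "LDAP_User_Search" and "LDAP_SSL_Enabled", and it shows, against a constructed stand-in for a directory server, why an application must refuse an empty password before issuing an LDAP simple bind rather than relying on the server's bind policy. Assumptions not stated on the page: the keys live in the standard ASP.NET `<appSettings>` element, the extra keys "LDAP_Bind_User" and "LDAP_Bind_Password" in the sample are hypothetical names, and eSOMS authenticates with a simple bind. The sample config and the fake server are constructed for the example.

```python
"""Added example (not ABB's code): audit web.config LDAP keys and show the
empty-password / unauthenticated-bind failure mode behind ICSA-18-240-04.
"""
import xml.etree.ElementTree as ET

# The only LDAP keys the advisory says a standard deployment should populate.
ALLOWED_LDAP_KEYS = {"LDAP_Path", "LDAP_User_Search", "LDAP_SSL_EnABLED".replace("ABLED", "abled")}

# Constructed sample web.config (hypothetical key names beyond the three
# allowed ones; the DNs and host are made up).
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="LDAP_Path" value="LDAP://dc.example.internal:636/DC=example,DC=internal" />
    <add key="LDAP_User_Search" value="(sAMAccountName={0})" />
    <add key="LDAP_SSL_Enabled" value="true" />
    <add key="LDAP_Bind_User" value="CN=svc-esoms,OU=Service,DC=example,DC=internal" />
    <add key="LDAP_Bind_Password" value="" />
    <add key="SomethingElse" value="1" />
  </appSettings>
</configuration>
"""


def audit_ldap_keys(web_config_xml: str) -> dict:
    """Report which LDAP_* keys carry a value, which of those are outside the
    advisory's allowed set, and which allowed keys are empty or absent."""
    root = ET.fromstring(web_config_xml)
    populated = {}
    for add in root.iter("add"):
        key = add.get("key", "")
        value = add.get("value", "")
        # An empty value counts as "not populated", which is the safe state.
        if key.startswith("LDAP_") and value.strip():
            populated[key] = value
    return {
        "populated": sorted(populated),
        "unexpected": sorted(k for k in populated if k not in ALLOWED_LDAP_KEYS),
        "missing": sorted(ALLOWED_LDAP_KEYS - set(populated)),
    }


class FakeLdapServer:
    """Constructed stand-in for a directory. With allow_unauthenticated_bind
    set, a known DN plus an empty password binds successfully (as anonymous),
    which is the RFC 4513 section 5.1.2 behaviour the advisory warns about."""

    def __init__(self, users: dict, allow_unauthenticated_bind: bool):
        self.users = users  # dn -> password
        self.allow_unauthenticated_bind = allow_unauthenticated_bind

    def simple_bind(self, dn: str, password: str) -> bool:
        if dn in self.users and password == "":
            return self.allow_unauthenticated_bind
        return self.users.get(dn) == password


def login_vulnerable(server: FakeLdapServer, dn: str, password: str) -> bool:
    # Treats any successful bind as proof of identity: bypassable with a
    # valid account name alone when the server accepts unauthenticated binds.
    return server.simple_bind(dn, password)


def login_hardened(server: FakeLdapServer, dn: str, password: str) -> bool:
    # Reject empty credentials before touching the directory, so the result
    # no longer depends on the server's bind policy.
    if not dn or not password:
        return False
    return server.simple_bind(dn, password)


if __name__ == "__main__":
    print(audit_ldap_keys(SAMPLE_WEB_CONFIG))
    weak = FakeLdapServer({"uid=alice,ou=people,dc=example,dc=internal": "s3cret"}, True)
    print("vulnerable, empty password:", login_vulnerable(weak, "uid=alice,ou=people,dc=example,dc=internal", ""))
    print("hardened, empty password:", login_hardened(weak, "uid=alice,ou=people,dc=example,dc=internal", ""))
```

Run the audit against the real web.config after applying the workaround: the "unexpected" list should be empty and "missing" should be empty. The client-side empty-password check in `login_hardened` is the belt-and-braces counterpart to disabling unauthenticated binds on the server; applying only one of the two leaves the application dependent on the other side being configured correctly.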
Affected Vendors
ABB
Affected Products (1)
ABB eSOMS 6.0.2
Affected Sectors
Chemical, Defense Industrial Base, Energy