Risk Summary
Successful exploitation of these vulnerabilities could allow unrestricted access to the administrative telnet/web interface of the device, enabling attackers to compromise the availability of the device, read or modify registers and settings, or change the device configuration.
CVEs (2)
Remediations
- ABB will not be releasing updated firmware, as both GATE-E1 and GATE-E2 have reached end of life (EOL). ABB recommends implementing defense-in-depth principles to minimize the risk that vulnerabilities are exploited.
- Separate control system networks from other networks using firewalls and managed switches that have a minimal number of ports exposed.
- Physically protect the control system from unauthorized personnel.
- Portable computers and removable storage should be scanned for viruses before being connected to the control system.
- For more information about these vulnerabilities, ABB has published advisories ABBVU-EPPC-3099-SE-002 and ABBVU-EPPC-3099-SE-003.
Affected Vendors
ABB
Affected Products (2)
- ABB · GATE-E2: GATE-E1 (EOL 2013)
- ABB · GATE-E2: GATE-E2 (EOL OCT 2018)
Affected Sectors
Critical Manufacturing