{"api_version":"1","generated_at":"2026-06-28T10:35:29+00:00","cve":"CVE-2018-14805","urls":{"html":"https://cve.report/CVE-2018-14805","api":"https://cve.report/api/cve/CVE-2018-14805.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-14805","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-14805"},"summary":{"title":"CVE-2018-14805","description":"ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2018-08-29 16:29:00","updated_at":"2023-05-16 20:21:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/105169","name":"105169","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"ABB eSOMS CVE-2018-14805 Authentication Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-240-04","name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-240-04","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"ABB eSOMS (Update A) | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch","name":"https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch","refsource":"CONFIRM","tags":["Mitigation","Vendor Advisory"],"title":"ABB Security Advisory 2018030 eSOMS LDAP Integration","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-14805","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14805","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"14805","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"abb","cpe5":"esoms","cpe6":"6.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"14805","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"abb","cpe5":"esoms","cpe6":"6.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"14805","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hitachienergy","cpe5":"esoms","cpe6":"6.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","DATE_PUBLIC":"2018-08-28T00:00:00","ID":"CVE-2018-14805","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ABB eSOMS","version":{"version_data":[{"version_value":"Version 6.0.2"}]}}]},"vendor_name":"ICS-CERT"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"IMPROPER AUTHENTICATION CWE-287"}]}]},"references":{"reference_data":[{"name":"https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch","refsource":"CONFIRM","url":"https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-240-04","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-240-04"},{"name":"105169","refsource":"BID","url":"http://www.securityfocus.com/bid/105169"}]}},"nvd":{"publishedDate":"2018-08-29 16:29:00","lastModifiedDate":"2023-05-16 20:21:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hitachienergy:esoms:6.0.2:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"14805","Ordinal":"131538","Title":"CVE-2018-14805","CVE":"CVE-2018-14805","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"14805","Ordinal":"1","NoteData":"ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"14805","Ordinal":"2","NoteData":"2018-08-29","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"14805","Ordinal":"3","NoteData":"2018-08-30","Type":"Other","Title":"Modified"}]}}}