CVE-2018-14805
Description
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ABB eSOMS 6.0.2 allows unauthorized access when LDAP anonymous authentication is enabled and specific web.config keys are present, leading to full system compromise.
Vulnerability
ABB eSOMS version 6.0.2 is affected by an improper authentication vulnerability (CWE-287) that allows unauthorized access when both conditions are met: LDAP is configured to allow anonymous authentication, and specific key values within the eSOMS web.config file are present [1].
Exploitation
An attacker with low skill level can exploit this vulnerability remotely by discovering a valid user account, then gaining access to the application without authentication [1]. No user interaction is required, and the attack complexity is low.
Impact
Successful exploitation results in a complete compromise of confidentiality, integrity, and availability, as indicated by a CVSS v3 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) [1].
Mitigation
ABB has released eSOMS version 6.0.3 to address this vulnerability [1]. Users running version 6.0.2 should immediately disable anonymous authentication in the LDAP configuration settings and ensure only the allowed key values (e.g., "LDAP_Path") are present in the web.config file [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ICS-CERT/ABB eSOMS (v5), Range: Version 6.0.2
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/105169 (mitre; vdb-entry, x_refsource_BID)
- ics-cert.us-cert.gov/advisories/ICSA-18-240-04 (mitre; x_refsource_MISC)
- search.abb.com/library/Download.aspx (mitre; x_refsource_CONFIRM)