OTPulse

ABB eSOMS (Update A)

Priority: Act Now · CVSS 9.8 · ICS-CERT ICSA-18-240-04 · Aug 28, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ABB eSOMS versions up to 6.0.2 contain an authentication bypass vulnerability (CWE-287). An attacker who discovers a valid user account can gain access to the application without authentication, particularly when LDAP is misconfigured to allow anonymous binds or when non-standard LDAP configuration keys are populated. This affects the security of energy management and substation operations.
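The bypass class described above (CWE-287 through an LDAP "unauthenticated" bind) is easiest to see in code. The following is an added illustration, not eSOMS code and not ABB's implementation: a mock directory that answers a simple bind the way an LDAP server permitting unauthenticated binds does (RFC 4513 section 5.1.2: a name plus an empty password is treated as an anonymous bind that "succeeds"), beside a naive login routine that trusts any successful bind and a hardened one that refuses empty credentials before the directory is ever consulted. The DN layout, user names and passwords are constructed sample data.

```python
"""Why an LDAP unauthenticated bind turns a simple-bind login check into an
authentication bypass (CWE-287), and how to guard against it.

Added illustration only: MockLdapServer stands in for a real directory, and
login_naive / login_hardened are generic patterns, not eSOMS code.
"""

from dataclasses import dataclass, field


@dataclass
class MockLdapServer:
    """Minimal stand-in for an LDAP server's simple-bind behaviour.

    With allow_unauthenticated_bind=True (the weak server setting), a bind
    that carries a name but an empty password is answered with success as an
    anonymous session: no credential was checked, whatever the name was.
    """
    users: dict = field(default_factory=dict)   # DN -> password (constructed)
    allow_unauthenticated_bind: bool = True     # the weak setting

    def simple_bind(self, dn: str, password: str) -> bool:
        if password == "":
            # Unauthenticated (anonymous) bind: identity is NOT verified.
            return self.allow_unauthenticated_bind
        return self.users.get(dn) == password


def build_dn(username: str) -> str:
    # Hypothetical DN layout, standing in for an application's user-search rule.
    return f"cn={username},ou=users,dc=example,dc=local"


def login_naive(server: MockLdapServer, username: str, password: str) -> bool:
    """Vulnerable pattern: any successful bind is taken as proof of identity."""
    return server.simple_bind(build_dn(username), password)


def login_hardened(server: MockLdapServer, username: str, password: str) -> bool:
    """Hardened pattern: an empty password never reaches the directory, so an
    unauthenticated bind can never be mistaken for a login. The server-side
    fix (disallowing unauthenticated binds) should be applied as well."""
    if not username or not password:
        return False
    return server.simple_bind(build_dn(username), password)


def demo() -> dict:
    """Run both login routines against the mock directory and return outcomes."""
    directory = MockLdapServer(users={build_dn("operator"): "correct horse"})
    results = {
        "naive_empty_password": login_naive(directory, "operator", ""),
        "naive_wrong_password": login_naive(directory, "operator", "guess"),
        "hardened_empty_password": login_hardened(directory, "operator", ""),
        "hardened_right_password": login_hardened(directory, "operator", "correct horse"),
    }
    # After the server-side fix, even the naive routine stops accepting it.
    directory.allow_unauthenticated_bind = False
    results["naive_empty_password_after_server_fix"] = login_naive(directory, "operator", "")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point for defenders is that the two fixes are independent: the application must reject empty credentials itself, because it cannot know how every directory it is pointed at is configured, and the directory must refuse unauthenticated binds, because other applications may bind to it with the naive pattern.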

What this means
What could happen
An attacker who discovers a valid username could bypass authentication and gain unauthorized access to the eSOMS energy management system, potentially allowing them to manipulate power system settings, alter operational parameters, or cause service disruptions.
Who's at risk
Energy and utility operators using ABB eSOMS (Electrical Substation Operations Management System) version 6.0.2 are at risk. This affects utilities managing substation automation and electrical grid operations that depend on eSOMS for monitoring and control. Anyone with a valid eSOMS username can access the system without proper authentication if LDAP settings are not correctly configured.
How it could be exploited
The attacker discovers or enumerates a valid eSOMS user account (through network reconnaissance or leaked credentials). They then exploit the authentication bypass vulnerability to access the application without providing the corresponding password, typically by leveraging misconfigured LDAP settings that permit anonymous binds or incomplete credential validation.
Prerequisites
  • Valid or guessable username for an eSOMS account
  • Network access to the eSOMS web interface (typically port 80 or 443)
  • LDAP anonymous bind enabled or non-standard LDAP configuration on the target system
  • Remotely exploitable
  • No authentication required once a username is discovered
  • Low complexity attack
  • Affects critical energy infrastructure
  • LDAP misconfiguration common in legacy systems
Exploitability
Moderate exploit probability (EPSS 1.3%)
Affected products (1)
Product   Affected Versions   Fix Status
eSOMS     6.0.2               6.0.3
Remediation & Mitigation
Do now
WORKAROUND: Disable 'Unauthenticated Authentication' (anonymous bind) in the LDAP configuration settings
WORKAROUND: In the eSOMS web.config file, populate only the following LDAP keys: 'LDAP_Path', 'LDAP_User_Search' and 'LDAP_SSL_Enabled'; clear any other LDAP-related key values
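A small audit script makes the second workaround checkable on every server rather than by eye. This is an added example, not ABB's tooling: it assumes the LDAP keys live as `<add key="..." value="..."/>` entries under `<appSettings>`, the usual ASP.NET web.config layout, and flags any LDAP-prefixed key other than the three the advisory names that still carries a value. The embedded web.config, including the extra key names `LDAP_Bind_User` and `LDAP_Bind_Password` and all values, is constructed sample data; point `audit_ldap_config` at the real file's contents to use it.

```python
"""Audit a web.config against the advisory's LDAP workaround: only LDAP_Path,
LDAP_User_Search and LDAP_SSL_Enabled should carry values; every other
LDAP-related key should be cleared.

Added example, not ABB's tooling. Assumes <appSettings><add key value/>
layout; adjust the iterfind path if the file differs.
"""

import xml.etree.ElementTree as ET

ALLOWED_LDAP_KEYS = {"LDAP_Path", "LDAP_User_Search", "LDAP_SSL_Enabled"}

# Constructed sample: one extra LDAP key still populated, one allowed key empty.
# Key names other than the three above, and all values, are made up.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="LDAP_Path" value="LDAP://dc.example.local/DC=example,DC=local" />
    <add key="LDAP_User_Search" value="(sAMAccountName={0})" />
    <add key="LDAP_SSL_Enabled" value="" />
    <add key="LDAP_Bind_User" value="svc_ldap" />
    <add key="LDAP_Bind_Password" value="" />
    <add key="SomethingElse" value="unrelated" />
  </appSettings>
</configuration>
"""


def ldap_settings(xml_text: str) -> dict:
    """Return {key: value} for every appSettings entry whose key starts with LDAP."""
    root = ET.fromstring(xml_text)
    settings = {}
    for add in root.iterfind("./appSettings/add"):
        key = add.get("key", "")
        if key.upper().startswith("LDAP"):
            settings[key] = (add.get("value") or "").strip()
    return settings


def audit_ldap_config(xml_text: str) -> list:
    """Return (severity, message) findings; 'fail' means the workaround is not applied."""
    findings = []
    settings = ldap_settings(xml_text)
    # The three keys the advisory says to populate.
    for key in sorted(ALLOWED_LDAP_KEYS):
        if not settings.get(key):
            findings.append(("warn", f"{key} is missing or empty"))
    # Any other LDAP-related key must be cleared.
    for key, value in sorted(settings.items()):
        if key not in ALLOWED_LDAP_KEYS and value:
            findings.append(("fail", f"{key} is populated ('{value}') and should be cleared"))
    return findings


def is_compliant(xml_text: str) -> bool:
    """True when no LDAP key outside the allowed set carries a value."""
    return not any(sev == "fail" for sev, _ in audit_ldap_config(xml_text))


if __name__ == "__main__":
    for sev, msg in audit_ldap_config(SAMPLE_WEB_CONFIG):
        print(f"[{sev}] {msg}")
    print("compliant:", is_compliant(SAMPLE_WEB_CONFIG))
```

Run it from a scheduled job or a configuration-management check so that a later edit re-populating one of the cleared keys is caught, not just the one-off cleanup.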
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade eSOMS to version 6.0.3 or later