CVE-2017-16731
HIGHHitachi Energy Ellipse 8.3.0-8.9.0 - Unprotected Transport of Credentials via LDAP Authentication
Title source: llmDescription
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-353-01
Scores
CVSS v3
8.8
EPSS
0.0072
EPSS Percentile
49.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
CWE-523
Status
published
Products (2)
hitachienergy/ellipse
8.3.0 - 8.9.0
n/a/ABB Ellipse
ABB Ellipse
Published
Dec 20, 2017
Tracked Since
Feb 18, 2026