October 2, 2018

The NCCIC has updated this advisory with additional details on mitigation measures. NCCIC/ICS-CERT.

August 28, 2018

The NCCIC has released an advisory on an improper authentication vulnerability in ABB eSOMS. Version 6.0.2 is affected. Successful exploitation of this vulnerability requires an attacker to discover a valid user account, which could be used to gain access to the application without authentication. ABB has recommended a series of immediate actions. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.