An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.
[
{
"product": "ABB Ellipse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ABB Ellipse"
}
]
}
]