ABB GATE-E2 (ICSA-18-352-01)

Created: Thursday, December 20, 2018 - 12:38
Categories: Cybersecurity

The NCCIC has published an advisory on missing authentication for critical function and cross-site scripting vulnerabilities in ABB GATE-E2. GATE-E1 (EOL 2013) and GATE-E2 (EOL October 2018) are affected. Successful exploitation of these vulnerabilities could allow unrestricted access to the administrative telnet/web interface of the device, enabling attackers to compromise the availability of the device, read or modify registers and settings, or change the device configuration. ABB will not be releasing updated firmware, as both GATE-E1 and GATE-E2 have reached end of life (EOL). ABB recommends implementing defense-in-depth principles to minimize the risk that the vulnerabilities are exploited. The NCCIC also recommends a series of mitigating measures for these vulnerabilities. NCCIC/ICS-CERT.