Vulnerability CVE-2008-5848


Published: 2009-01-06   Modified: 2012-02-13

Description:
The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Advantech -> Adam-6015 
Advantech -> Adam-6017 
Advantech -> Adam-6018 
Advantech -> Adam-6022 
Advantech -> Adam-6024 
Advantech -> Adam-6050 
Advantech -> Adam-6050w 
Advantech -> Adam-6051 
Advantech -> Adam-6051w 
Advantech -> Adam-6052 
Advantech -> Adam-6060 
Advantech -> Adam-6060w 
Advantech -> Adam-6066 
Advantech -> Adam-6501 

 References:
http://www.ruxcon.org.au/presentations.shtml#13
http://support.advantech.com.tw/support/DownloadSRDetail.aspx?SR_ID=1-95WMW
http://ruxcon.org.au/files/2008/SIFT-Ruxcon2008-SCADA-Hacking-Modbus-Enabled-Devices.pdf

Copyright 2022, cxsecurity.com

 

Back to Top