Vulnerability CVE-2014-9198


Published: 2015-01-27   Modified: 2015-01-28

Description:
The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.

Type:

CWE-255

(Credentials Management)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Schneider-electric -> Tsxetg3000 
Schneider-electric -> Tsxetg3010 
Schneider-electric -> Tsxetg3021 
Schneider-electric -> Tsxetg3022 
Schneider-electric -> Etg3000 factorycast hmi gateway firmware 

 References:
http://www.securityfocus.com/bid/72258
http://www.securityfocus.com/bid/77765
https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02

Copyright 2024, cxsecurity.com

 

Back to Top