CVE-2008-5848

The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.ruxcon.org.au/presentations.shtml#13
http://ruxcon.org.au/files/2008/SIFT-Ruxcon2008-SCADA-Hacking-Modbus-Enabled-Devices.pdf
http://support.advantech.com.tw/support/DownloadSRDetail.aspx?SR_ID=1-95WMW

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:advantech:adam-6066::::::::
	cpe:2.3:h:advantech:adam-6015::::::::
	cpe:2.3:h:advantech:adam-6018::::::::
	cpe:2.3:h:advantech:adam-6052::::::::
	cpe:2.3:h:advantech:adam-6060w::::::::
	cpe:2.3:h:advantech:adam-6022::::::::
	cpe:2.3:h:advantech:adam-6024::::::::
	cpe:2.3:h:advantech:adam-6050::::::::
	cpe:2.3:h:advantech:adam-6050w::::::::
	cpe:2.3:h:advantech:adam-6051::::::::
	cpe:2.3:h:advantech:adam-6501::::::::
	cpe:2.3:h:advantech:adam-6060::::::::
	cpe:2.3:h:advantech:adam-6017::::::::
	cpe:2.3:h:advantech:adam-6051w::::::::

Information

Published : 2009-01-06 09:30

Updated : 2009-05-19 21:00

NVD link : CVE-2008-5848

Mitre link : CVE-2008-5848

JSON object : View

CWE

CWE-255

Credentials Management Errors

NVD-CWE-noinfo

Advertisement

Products Affected

advantech

adam-6050
adam-6018
adam-6060w
adam-6051w
adam-6052
adam-6017
adam-6051
adam-6022
adam-6501
adam-6060
adam-6050w
adam-6066
adam-6015
adam-6024

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ruxcon.org.au/presentations.shtml#13", "name": "http://www.ruxcon.org.au/presentations.shtml#13", "tags": [], "refsource": "MISC"}, {"url": "http://ruxcon.org.au/files/2008/SIFT-Ruxcon2008-SCADA-Hacking-Modbus-Enabled-Devices.pdf", "name": "http://ruxcon.org.au/files/2008/SIFT-Ruxcon2008-SCADA-Hacking-Modbus-Enabled-Devices.pdf", "tags": [], "refsource": "MISC"}, {"url": "http://support.advantech.com.tw/support/DownloadSRDetail.aspx?SR_ID=1-95WMW", "name": "http://support.advantech.com.tw/support/DownloadSRDetail.aspx?SR_ID=1-95WMW", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}, {"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-5848", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-01-06T17:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:advantech:adam-6066:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:advantech:adam-6015:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:advantech:adam-6018:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:advantech:adam-6052:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:advantech:adam-6060w:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:advantech:adam-6022:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:advantech:adam-6024:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:advantech:adam-6050:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:advantech:adam-6050w:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:advantech:adam-6051:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:advantech:adam-6501:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:advantech:adam-6060:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:advantech:adam-6017:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:advantech:adam-6051w:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2009-05-20T04:00Z"}