CVE-2014-9198

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02	Patch US Government Resource
http://www.securityfocus.com/bid/77765
http://www.securityfocus.com/bid/72258

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:etg3000_factorycast_hmi_gateway_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:schneider-electric:tsxetg3000:-:::::::*
	cpe:2.3:h:schneider-electric:tsxetg3010:-:::::::*
	cpe:2.3:h:schneider-electric:tsxetg3021:-:::::::*
	cpe:2.3:h:schneider-electric:tsxetg3022:-:::::::*

Information

Published : 2015-01-27 11:59

Updated : 2019-04-15 05:30

NVD link : CVE-2014-9198

Mitre link : CVE-2014-9198

JSON object : View

CWE

CWE-255

Credentials Management Errors

Advertisement

Products Affected

schneider-electric

tsxetg3010
etg3000_factorycast_hmi_gateway_firmware
tsxetg3021
tsxetg3000
tsxetg3022

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02", "tags": ["Patch", "US Government Resource"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/77765", "name": "77765", "tags": [], "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/72258", "name": "72258", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-9198", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-01-27T19:59Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:schneider-electric:etg3000_factorycast_hmi_gateway_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.60.4"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxetg3000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxetg3010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxetg3021:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:schneider-electric:tsxetg3022:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-04-15T12:30Z"}