Hardcoded Credential Vulnerability in Schneider Electric HMI Gateway
CVE-2014-9198

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Etg3000 Factorycast Hmi Gateway Firmware; Tsxetg3000; Tsxetg3010; Tsxetg3021
Vendor: CVE Published:; 27 January 2015

Summary

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway contains hardcoded credentials, which present a critical security risk. Attackers can exploit this vulnerability to gain unauthorized access to the system through an FTP session, potentially compromising sensitive data and system integrity. Users of firmware versions up to 1.60 IR 04 should take immediate steps to secure their systems against unauthorized access.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02

x_refsource_MISC

http://www.securityfocus.com/bid/72258

vdb-entryx_refsource_BID

http://www.securityfocus.com/bid/77765

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jan 27, 2015
Vulnerability Reserved
Dec 2, 2014