Hardcoded Credential Vulnerability in Schneider Electric HMI Gateway
CVE-2014-9198

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Etg3000 Factorycast Hmi Gateway
Vendor: CVE Published:; 27 January 2015

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2014-9198?

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway contains hardcoded credentials, which present a critical security risk. Attackers can exploit this vulnerability to gain unauthorized access to the system through an FTP session, potentially compromising sensitive data and system integrity. Users of firmware versions up to 1.60 IR 04 should take immediate steps to secure their systems against unauthorized access.

Affected Version(s)

ETG3000 FactoryCast HMI Gateway TSXETG3000

ETG3000 FactoryCast HMI Gateway TSXETG3010

ETG3000 FactoryCast HMI Gateway TSXETG3021

References

https://www.cisa.gov/news-events/ics-advisories/icsa-15-0...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2015
Vulnerability Reserved
Dec 2, 2014