CVE-2014-9198

critical

Description

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02

http://www.securityfocus.com/bid/77765

http://www.securityfocus.com/bid/72258

Details

Source: Mitre, NVD

Published: 2015-01-27

Updated: 2019-04-15

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H