Saia Burgess Controls PCD Controllers Hard-Coded FTP Credentials Vulnerability

critical Nessus Network Monitor Plugin ID 96

Description

One or more of the following SBC controllers was detected to be running a version of firmware earlier than 1.24.50 : - PCD1.M0xx0 - PCD1.M2xx0 - PCD2.M5xx0 - PCD3.Mxxx0 - PCD7.D4xxxT5F - PCD7.D4xxxWTPF - PCD7.D4xxxV - PCD7.D4xxxD. Firmware versions prior to 1.24.50 are implemented with hard-coded FTP credentials. An attacker who exploits this vulnerability would have administrative access to the target device and resources.

Plugin Details

Severity: Critical

ID: 96

Family: SCADA

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Reference Information

CVE: CVE-2015-7911