Details of VAR-201304-0400

ID

VAR-201304-0400

CVE

CVE-2013-2762

TITLE

Schneider Electric Magelis XBT HMI Controller Default Password Vulnerability

Trust: 0.8

sources: IVD: 04028c78-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02814

DESCRIPTION

The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data. The Schneider Electric Magelis XBT HMI controller is a human interface controller. Successfully exploiting this issue may allow an attacker to bypass security restrictions and perform unauthorized actions

Trust: 2.7

sources: NVD: CVE-2013-2762 // JVNDB: JVNDB-2013-002149 // CNVD: CNVD-2013-02814 // BID: 58953 // IVD: 04028c78-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-62764

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 04028c78-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02814

AFFECTED PRODUCTS

vendor:	schneider electric	model:	magelis xbt hmi	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	magelis xbt gc/t/k hmi controller	scope:	-	version:	-	Trust: 0.8
vendor:	schneider	model:	electric magelis xbt hmi controller	scope:	-	version:	-	Trust: 0.6
vendor:	magelis xbt hmi	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 04028c78-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02814 // JVNDB: JVNDB-2013-002149 // CNNVD: CNNVD-201304-035 // NVD: CVE-2013-2762

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2762
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-2762
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-02814
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201304-035
value:	CRITICAL
Trust: 0.6
IVD:	04028c78-2353-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-62764
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-2762
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-02814
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	04028c78-2353-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-62764
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 04028c78-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02814 // VULHUB: VHN-62764 // JVNDB: JVNDB-2013-002149 // CNNVD: CNNVD-201304-035 // NVD: CVE-2013-2762

PROBLEMTYPE DATA

problemtype:	CWE-255	Trust: 1.9
problemtype:	CWE-352	Trust: 1.9

sources: VULHUB: VHN-62764 // JVNDB: JVNDB-2013-002149 // NVD: CVE-2013-2762

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-035

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201304-035

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002149

PATCH

title:	DSA-2658	url:	http://www.debian.org/security/2013/dsa-2658	Trust: 0.8
title:	openSUSE-SU-2013:0635	url:	http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html	Trust: 0.8
title:	SUSE-SU-2013:0633	url:	http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html	Trust: 0.8
title:	openSUSE-SU-2013:0628	url:	http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html	Trust: 0.8
title:	openSUSE-SU-2013:0627	url:	http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html	Trust: 0.8
title:	Top Page	url:	http://www.schneider-electric.com/site/home/index.cfm/ww/	Trust: 0.8
title:	Magelis XBT GC/T/K HMI Controller	url:	http://products.schneider-electric.us/products-services/products/plcs-pac-and-distributed-io/industrial-process-machines-and-oems/magelis-xbt-gctk-hmi-controller/	Trust: 0.8
title:	サポート	url:	http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page	Trust: 0.8
title:	トップページ	url:	http://www.schneider-electric.com/site/home/index.cfm/jp/	Trust: 0.8

sources: JVNDB: JVNDB-2013-002149

EXTERNAL IDS

db:	NVD	id:	CVE-2013-2762	Trust: 3.6
db:	ICS CERT	id:	ICSA-13-077-01A	Trust: 3.4
db:	CNNVD	id:	CNNVD-201304-035	Trust: 0.9
db:	CNVD	id:	CNVD-2013-02814	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-002149	Trust: 0.8
db:	BID	id:	58953	Trust: 0.4
db:	IVD	id:	04028C78-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-62764	Trust: 0.1

sources: IVD: 04028c78-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02814 // VULHUB: VHN-62764 // BID: 58953 // JVNDB: JVNDB-2013-002149 // CNNVD: CNNVD-201304-035 // NVD: CVE-2013-2762

REFERENCES

url:	http://ics-cert.us-cert.gov/pdf/icsa-13-077-01a.pdf	Trust: 3.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2762	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2762	Trust: 0.8
url:	http://www.schneider-electric.com/products/ww/en/	Trust: 0.3

sources: CNVD: CNVD-2013-02814 // VULHUB: VHN-62764 // BID: 58953 // JVNDB: JVNDB-2013-002149 // CNNVD: CNNVD-201304-035 // NVD: CVE-2013-2762

CREDITS

Arthur Gervais

Trust: 0.3

sources: BID: 58953

SOURCES

db:	IVD	id:	04028c78-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-02814
db:	VULHUB	id:	VHN-62764
db:	BID	id:	58953
db:	JVNDB	id:	JVNDB-2013-002149
db:	CNNVD	id:	CNNVD-201304-035
db:	NVD	id:	CVE-2013-2762

LAST UPDATE DATE

2025-04-11T22:48:22.438000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-02814	date:	2013-05-28T00:00:00
db:	VULHUB	id:	VHN-62764	date:	2013-04-04T00:00:00
db:	BID	id:	58953	date:	2015-03-19T08:10:00
db:	JVNDB	id:	JVNDB-2013-002149	date:	2013-04-24T00:00:00
db:	CNNVD	id:	CNNVD-201304-035	date:	2013-04-25T00:00:00
db:	NVD	id:	CVE-2013-2762	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	04028c78-2353-11e6-abef-000c29c66e3d	date:	2013-04-09T00:00:00
db:	CNVD	id:	CNVD-2013-02814	date:	2013-04-09T00:00:00
db:	VULHUB	id:	VHN-62764	date:	2013-04-04T00:00:00
db:	BID	id:	58953	date:	2013-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2013-002149	date:	2013-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201304-035	date:	2013-04-11T00:00:00
db:	NVD	id:	CVE-2013-2762	date:	2013-04-04T11:58:49.853