Details of VAR-201312-0507

ID

VAR-201312-0507

TITLE

Schneider Electric Modicon M340 Multiple default account vulnerabilities

Trust: 0.8

sources: IVD: 2a1c6022-1ef9-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14992

DESCRIPTION

Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The Schneider Electric Modicon M340 includes the 'USER/USER' and 'ntpupdate/ntpupdate' accounts by default, allowing remote attackers to exploit the account to gain unauthorized access to the device

Trust: 0.72

sources: CNVD: CNVD-2013-14992 // IVD: 2a1c6022-1ef9-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 2a1c6022-1ef9-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14992

AFFECTED PRODUCTS

vendor:	schneider	model:	electric modicon m340	scope:	-	version:	-	Trust: 0.6
vendor:	schneider	model:	electric modicon m340	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 2a1c6022-1ef9-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14992

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-14992
value:	MEDIUM
Trust: 0.6
IVD:	2a1c6022-1ef9-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2013-14992
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	2a1c6022-1ef9-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 2a1c6022-1ef9-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14992

TYPE

Licensing issues

Trust: 0.2

sources: IVD: 2a1c6022-1ef9-11e6-abef-000c29c66e3d

EXTERNAL IDS

db:	CNVD	id:	CNVD-2013-14992	Trust: 0.8
db:	IVD	id:	2A1C6022-1EF9-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 2a1c6022-1ef9-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14992

REFERENCES

url:

http://dariusfreamon.wordpress.com/2013/12/08/schneider-modicon-m340-for-ethernet-multiple-default-credentials/

Trust: 0.6

sources: CNVD: CNVD-2013-14992

SOURCES

db:	IVD	id:	2a1c6022-1ef9-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-14992

LAST UPDATE DATE

2022-05-17T01:45:23.551000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2013-14992

date:

2013-12-12T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	2a1c6022-1ef9-11e6-abef-000c29c66e3d	date:	2013-12-12T00:00:00
db:	CNVD	id:	CNVD-2013-14992	date:	2013-12-11T00:00:00