Details of VAR-201501-0403

ID

VAR-201501-0403

CVE

CVE-2014-9198

TITLE

Schneider Electric ETG3000 FactoryCast HMI Gateway FTP Built-in password vulnerability

Trust: 0.8

sources: IVD: a629a808-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00498

DESCRIPTION

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. Schneider Electric ETG3000 FactoryCast HMI Gateway is a new intelligent web gateway. This BID is being retired as a duplicate of BID 72258. This may aid in further attacks. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components

Trust: 3.69

sources: NVD: CVE-2014-9198 // JVNDB: JVNDB-2014-007804 // CNVD: CNVD-2015-00498 // CNVD: CNVD-2015-00647 // BID: 77765 // BID: 72258 // IVD: 1d9bbecc-1e97-11e6-abef-000c29c66e3d // IVD: a629a808-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-77143

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 1.2
category:	['ICS']	sub_category:	-	Trust: 0.4

sources: IVD: 1d9bbecc-1e97-11e6-abef-000c29c66e3d // IVD: a629a808-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00498 // CNVD: CNVD-2015-00647

AFFECTED PRODUCTS

vendor:	schneider electric	model:	tsxetg3022	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	tsxetg3021	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	tsxetg3010	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider electric	model:	tsxetg3000	scope:	eq	version:	-	Trust: 1.6
vendor:	schneider	model:	electric etg3000 factorycast hmi gateway	scope:	-	version:	-	Trust: 1.2
vendor:	schneider electric	model:	etg3000 factorycast hmi gateway	scope:	eq	version:	1.60.4	Trust: 1.2
vendor:	schneider electric	model:	etg3000 factorycast hmi gateway	scope:	lte	version:	1.60.4	Trust: 1.0
vendor:	schneider electric	model:	etg3000 factorycast hmi gateway	scope:	lt	version:	1.60 ir 04	Trust: 0.8
vendor:	schneider electric	model:	tsxetg3000	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	tsxetg3010	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	tsxetg3021	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	tsxetg3022	scope:	-	version:	-	Trust: 0.8
vendor:	schneider electric	model:	etg3000 factorycast hmi gateway tsxetg3022	scope:	-	version:	-	Trust: 0.3
vendor:	schneider electric	model:	etg3000 factorycast hmi gateway tsxetg3021	scope:	-	version:	-	Trust: 0.3
vendor:	schneider electric	model:	etg3000 factorycast hmi gateway tsxetg3010	scope:	-	version:	-	Trust: 0.3
vendor:	schneider electric	model:	etg3000 factorycast hmi gateway tsxetg3000	scope:	-	version:	-	Trust: 0.3
vendor:	schneider electric	model:	etg3000 factorycast hmi gateway ir	scope:	eq	version:	1.6004	Trust: 0.3
vendor:	etg3000	model:	factorycast hmi gateway	scope:	eq	version:	3.12	Trust: 0.2
vendor:	tsxetg3021	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	tsxetg3000	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	etg3000 factorycast hmi gateway	model:	-	scope:	eq	version:	1.60.4	Trust: 0.2
vendor:	tsxetg3022	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	tsxetg3010	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 1d9bbecc-1e97-11e6-abef-000c29c66e3d // IVD: a629a808-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00498 // CNVD: CNVD-2015-00647 // BID: 77765 // BID: 72258 // JVNDB: JVNDB-2014-007804 // CNNVD: CNNVD-201501-634 // NVD: CVE-2014-9198

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9198
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-9198
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-00498
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2015-00647
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201501-613
value:	CRITICAL
Trust: 0.6
CNNVD:	CNNVD-201501-634
value:	CRITICAL
Trust: 0.6
IVD:	1d9bbecc-1e97-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
IVD:	a629a808-2351-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-77143
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-9198
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-00498
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2015-00647
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	1d9bbecc-1e97-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	a629a808-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-77143
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 1d9bbecc-1e97-11e6-abef-000c29c66e3d // IVD: a629a808-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00498 // CNVD: CNVD-2015-00647 // VULHUB: VHN-77143 // JVNDB: JVNDB-2014-007804 // CNNVD: CNNVD-201501-613 // CNNVD: CNNVD-201501-634 // NVD: CVE-2014-9198

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-77143 // JVNDB: JVNDB-2014-007804 // NVD: CVE-2014-9198

THREAT TYPE

network

Trust: 0.6

sources: BID: 77765 // BID: 72258

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201501-613

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007804

PATCH

title:	TSX ETG 30xx V1.60 IR04	url:	http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe=true&reference=ETG30xxV160-IR04	Trust: 0.8
title:	Schneider Electric ETG3000 FactoryCast HMI Gateway FTP built-in password vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/54452	Trust: 0.6
title:	Schneider Electric ETG3000 FactoryCast HMI Gateway verifies patches for bypassing vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/54278	Trust: 0.6
title:	ETG30xx_V1.60.4_UpgradeFw	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53568	Trust: 0.6

sources: CNVD: CNVD-2015-00498 // CNVD: CNVD-2015-00647 // JVNDB: JVNDB-2014-007804 // CNNVD: CNNVD-201501-634

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9198	Trust: 4.7
db:	ICS CERT	id:	ICSA-15-020-02	Trust: 4.3
db:	BID	id:	72258	Trust: 2.6
db:	BID	id:	77765	Trust: 2.0
db:	CNNVD	id:	CNNVD-201501-613	Trust: 1.1
db:	CNVD	id:	CNVD-2015-00647	Trust: 0.8
db:	CNVD	id:	CNVD-2015-00498	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-007804	Trust: 0.8
db:	CNNVD	id:	CNNVD-201501-634	Trust: 0.7
db:	IVD	id:	1D9BBECC-1E97-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	A629A808-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-77143	Trust: 0.1

sources: IVD: 1d9bbecc-1e97-11e6-abef-000c29c66e3d // IVD: a629a808-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00498 // CNVD: CNVD-2015-00647 // VULHUB: VHN-77143 // BID: 77765 // BID: 72258 // JVNDB: JVNDB-2014-007804 // CNNVD: CNNVD-201501-613 // CNNVD: CNNVD-201501-634 // NVD: CVE-2014-9198

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-020-02	Trust: 4.3
url:	http://www.securityfocus.com/bid/72258	Trust: 2.3
url:	http://www.securityfocus.com/bid/77765	Trust: 2.3
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9198	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9198	Trust: 0.8
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3

sources: CNVD: CNVD-2015-00498 // CNVD: CNVD-2015-00647 // VULHUB: VHN-77143 // BID: 77765 // BID: 72258 // JVNDB: JVNDB-2014-007804 // CNNVD: CNNVD-201501-613 // CNNVD: CNNVD-201501-634 // NVD: CVE-2014-9198

CREDITS

Unknown,Narendra Shinde of Qualys Security

Trust: 0.6

sources: CNNVD: CNNVD-201501-613

SOURCES

db:	IVD	id:	1d9bbecc-1e97-11e6-abef-000c29c66e3d
db:	IVD	id:	a629a808-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-00498
db:	CNVD	id:	CNVD-2015-00647
db:	VULHUB	id:	VHN-77143
db:	BID	id:	77765
db:	BID	id:	72258
db:	JVNDB	id:	JVNDB-2014-007804
db:	CNNVD	id:	CNNVD-201501-613
db:	CNNVD	id:	CNNVD-201501-634
db:	NVD	id:	CVE-2014-9198

LAST UPDATE DATE

2025-04-13T23:27:34.834000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-00498	date:	2015-01-23T00:00:00
db:	CNVD	id:	CNVD-2015-00647	date:	2015-01-27T00:00:00
db:	VULHUB	id:	VHN-77143	date:	2019-04-15T00:00:00
db:	BID	id:	77765	date:	2019-04-12T18:00:00
db:	BID	id:	72258	date:	2019-04-12T19:00:00
db:	JVNDB	id:	JVNDB-2014-007804	date:	2015-01-29T00:00:00
db:	CNNVD	id:	CNNVD-201501-613	date:	2019-04-16T00:00:00
db:	CNNVD	id:	CNNVD-201501-634	date:	2021-09-07T00:00:00
db:	NVD	id:	CVE-2014-9198	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	1d9bbecc-1e97-11e6-abef-000c29c66e3d	date:	2015-01-27T00:00:00
db:	IVD	id:	a629a808-2351-11e6-abef-000c29c66e3d	date:	2015-01-23T00:00:00
db:	CNVD	id:	CNVD-2015-00498	date:	2015-01-23T00:00:00
db:	CNVD	id:	CNVD-2015-00647	date:	2015-01-27T00:00:00
db:	VULHUB	id:	VHN-77143	date:	2015-01-27T00:00:00
db:	BID	id:	77765	date:	2015-01-27T00:00:00
db:	BID	id:	72258	date:	2015-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2014-007804	date:	2015-01-29T00:00:00
db:	CNNVD	id:	CNNVD-201501-613	date:	2015-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201501-634	date:	2015-01-28T00:00:00
db:	NVD	id:	CVE-2014-9198	date:	2015-01-27T19:59:10.810