ID

VAR-201803-0072


CVE

CVE-2014-6617


TITLE

Softing FG-100 PB PROFIBUS Unauthorized Access Vulnerability

Trust: 0.8

sources: IVD: d3ac8e26-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-08122

DESCRIPTION

Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session. The Softing FG-100 PB PROFIBUS firmware contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). FG-100 PB PROFIBUS is a DP bus diagnostic and troubleshooting tool. Softing FG-100 PB PROFIBUS has an unauthorized access vulnerability that allows an attacker to gain unauthorized access and modify sensitive information. Softing FG-100 PB PROFIBUS is prone to an unauthorized-access vulnerability. FG-100 PB PROFIBUS running firmware version FG-x00-PB_V2.02.0.00 is vulnerable. The vulnerability is caused by the use of a hard-coded password for the root account.

Trust: 2.79

sources: NVD: CVE-2014-6617 // JVNDB: JVNDB-2014-008532 // CNVD: CNVD-2014-08122 // BID: 70927 // IVD: d3ac8e26-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-74561 // VULMON: CVE-2014-6617

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: d3ac8e26-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-08122

AFFECTED PRODUCTS

vendor: industrial softing, model: fg-100 pb profibus, scope: eq, version: fg-x00-pb_v2.02.0.00

Trust: 1.6

vendor: softing industrial automation, model: fg-100 pb profibus, scope: eq, version: fg-x00-pb_v2.02.0.00

Trust: 0.8

vendor: softing, model: ag softing fg-100 pb, scope: eq, version: 2.02.0.00

Trust: 0.6

vendor: softing, model: fg-100 pb profibus fg-x00-pb v2.02.0.00, scope: -, version: -

Trust: 0.3

vendor: fg 100 pb profibus, model: fg-x00-pb v2.02.0.00, scope: -, version: -

Trust: 0.2

sources: IVD: d3ac8e26-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-08122 // BID: 70927 // JVNDB: JVNDB-2014-008532 // CNNVD: CNNVD-201411-219 // NVD: CVE-2014-6617

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-6617
value: CRITICAL

Trust: 1.0

NVD: CVE-2014-6617
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2014-08122
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201411-219
value: CRITICAL

Trust: 0.6

IVD: d3ac8e26-2351-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-74561
value: HIGH

Trust: 0.1

VULMON: CVE-2014-6617
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-6617
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2014-08122
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: d3ac8e26-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-74561
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-6617
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: d3ac8e26-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-08122 // VULHUB: VHN-74561 // VULMON: CVE-2014-6617 // JVNDB: JVNDB-2014-008532 // CNNVD: CNNVD-201411-219 // NVD: CVE-2014-6617

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-74561 // JVNDB: JVNDB-2014-008532 // NVD: CVE-2014-6617

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-219

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201411-219

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008532

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-74561

PATCH

title: Top Page, url: https://industrial.softing.com/en/startpage.html

Trust: 0.8

sources: JVNDB: JVNDB-2014-008532

EXTERNAL IDS

db: NVD, id: CVE-2014-6617

Trust: 3.7

db: BID, id: 70927

Trust: 2.7

db: PACKETSTORM, id: 128976

Trust: 1.8

db: CNNVD, id: CNNVD-201411-219

Trust: 0.9

db: CNVD, id: CNVD-2014-08122

Trust: 0.8

db: JVNDB, id: JVNDB-2014-008532

Trust: 0.8

db: IVD, id: D3AC8E26-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-74561

Trust: 0.1

db: VULMON, id: CVE-2014-6617

Trust: 0.1

sources: IVD: d3ac8e26-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-08122 // VULHUB: VHN-74561 // VULMON: CVE-2014-6617 // BID: 70927 // JVNDB: JVNDB-2014-008532 // CNNVD: CNNVD-201411-219 // NVD: CVE-2014-6617

REFERENCES

url:https://www.compass-security.com/fileadmin/datein/research/advisories/csnc-2014-005_softring_backdoor_account.txt

Trust: 2.6

url:http://www.securityfocus.com/bid/70927

Trust: 2.4

url:http://packetstormsecurity.com/files/128976/softing-fg-100-pb-hardcoded-backdoor.html

Trust: 1.9

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/98512

Trust: 1.8

url:http://www.securityfocus.com/archive/1/533902/100/0/threaded

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6617

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2014-6617

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/533902/100/0/threaded

Trust: 0.6

url:http://industrial.softing.com/en/products/profibus-master-or-slave-configurable-single-channel-remote-interface.html

Trust: 0.3

url:http://www.csnc.ch/misc/files/advisories/csnc-2014-005_softring_backdoor_account.txt

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2014-08122 // VULHUB: VHN-74561 // VULMON: CVE-2014-6617 // BID: 70927 // JVNDB: JVNDB-2014-008532 // CNNVD: CNNVD-201411-219 // NVD: CVE-2014-6617

CREDITS

Ingmar Rosenhagen, Daniel Marzin, and Johannes Klick.

Trust: 0.9

sources: BID: 70927 // CNNVD: CNNVD-201411-219

SOURCES

db: IVD, id: d3ac8e26-2351-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2014-08122
db: VULHUB, id: VHN-74561
db: VULMON, id: CVE-2014-6617
db: BID, id: 70927
db: JVNDB, id: JVNDB-2014-008532
db: CNNVD, id: CNNVD-201411-219
db: NVD, id: CVE-2014-6617

LAST UPDATE DATE

2024-11-23T22:45:26.023000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-08122, date: 2014-11-07T00:00:00
db: VULHUB, id: VHN-74561, date: 2018-10-09T00:00:00
db: VULMON, id: CVE-2014-6617, date: 2018-10-09T00:00:00
db: BID, id: 70927, date: 2014-11-05T00:00:00
db: JVNDB, id: JVNDB-2014-008532, date: 2018-04-19T00:00:00
db: CNNVD, id: CNNVD-201411-219, date: 2018-12-07T00:00:00
db: NVD, id: CVE-2014-6617, date: 2024-11-21T02:14:46.383

SOURCES RELEASE DATE

db: IVD, id: d3ac8e26-2351-11e6-abef-000c29c66e3d, date: 2014-11-07T00:00:00
db: CNVD, id: CNVD-2014-08122, date: 2014-11-07T00:00:00
db: VULHUB, id: VHN-74561, date: 2018-03-09T00:00:00
db: VULMON, id: CVE-2014-6617, date: 2018-03-09T00:00:00
db: BID, id: 70927, date: 2014-11-05T00:00:00
db: JVNDB, id: JVNDB-2014-008532, date: 2018-04-19T00:00:00
db: CNNVD, id: CNNVD-201411-219, date: 2014-11-15T00:00:00
db: NVD, id: CVE-2014-6617, date: 2018-03-09T20:29:00.347