CVE-2013-2762

Published: Apr 4, 2013Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data.

Affected (1)

Products: Schneider Electric: Magelis Xbt Hmi

Schneider Electric

1 product

Magelis Xbt Hmi

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Magelis Xbt Hmi	All versions

Related CWEs

CWE-255

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf

Source: cve@mitre.org

US Government Resource

http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.