CVE-2014-9198

Published: Jan 27, 2015Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.

Affected (5)

Products: Schneider Electric: Etg3000 Factorycast Hmi Gateway Firmware, Tsxetg3000, Tsxetg3010, Tsxetg3021, Tsxetg3022

Schneider Electric

5 products

Etg3000 Factorycast Hmi Gateway Firmware

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Schneider Electric Etg3000 Factorycast Hmi Gateway Firmware	Up to 1.60.4
Schneider Electric Tsxetg3000	All versions
Schneider Electric Tsxetg3010	All versions
Schneider Electric Tsxetg3021	All versions
Schneider Electric Tsxetg3022	All versions

Related CWEs

CWE-255

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02

Source: ics-cert@hq.dhs.gov

http://www.securityfocus.com/bid/72258

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/77765

Source: af854a3a-2127-422b-91ae-364da2661108

https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02

Source: af854a3a-2127-422b-91ae-364da2661108

PatchUS Government Resource

Timeline

No history available yet.