Lucene search
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OT_500298.NASLHistoryNov 08, 2019 - 12:00 a.m.
Schneider-electric Modicon Use of Hard-coded Credentials
2019-11-0800:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
0.006 Low
EPSS
Percentile
78.2%
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product.
File data ot_500298.nasl| Vendor | Product | Version | CPE |
|---|---|---|---|
| schneider-electric | modicon_tm221ce16r_firmware | 1.3.3.3 | cpe:2.3:o:schneider-electric:modicon_tm221ce16r_firmware:1.3.3.3:*:*:*:*:*:*:* |
| schneider-electric | modicon_tm221ce16r | - | cpe:2.3:h:schneider-electric:modicon_tm221ce16r:-:*:*:*:*:*:*:* |
| schneider-electric | somachine | 1.4 | cpe:2.3:a:schneider-electric:somachine:1.4:sp1:*:*:*:*:*:* |
Related
nessus
nessus
cvelist
cvelist
CVE-2017-7574
2017-04-06 21:00:00
nvd
nvd
CVE-2017-7574
2017-04-06 21:59:00
cve
cve
CVE-2017-7574
2017-04-06 21:59:00
prion
prion
Hardcoded credentials
2017-04-06 21:59:00
ics
ics
Schneider Electric Modicon M221 PLCs and SoMachine Basic (Update A)
2017-07-20 12:00:00
Schneider Electric Modicon M221 PLCs and SoMachine Basic
2017-04-13 00:00:00