Vulnerability Details CVE-2009-4463
Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.5%
CVSS Severity
CVSS v2 Score 10.0
References
- http://blog.48bits.com/?p=781
- http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1
- http://support.intellicom.se/getfile.cfm?FID=151
- http://www.kb.cert.org/vuls/id/902793
- http://www.osvdb.org/61506
- http://www.securityfocus.com/archive/1/508449/100/0/threaded
- http://blog.48bits.com/?p=781
- http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1
- http://support.intellicom.se/getfile.cfm?FID=151
- http://www.kb.cert.org/vuls/id/902793
- http://www.osvdb.org/61506
- http://www.securityfocus.com/archive/1/508449/100/0/threaded
Products affected by CVE-2009-4463
-
cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.11.0
-
cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.11.1
-
cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.11.2
-
cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.12.4
-
cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.12.6
-
cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.13.0
-
cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.13.1
-
cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.13.2
-
cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.20.0
-
cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.30.0
-
cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.30.1
-
cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.30.2
-
cpe:2.3:h:intellicom:netbiter_webscada_ws100:*
-
cpe:2.3:h:intellicom:netbiter_webscada_ws200:*