Vulnerability Details CVE-2012-4577
The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.9%
CVSS Severity
CVSS v2 Score 10.0
References
- http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02
- http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02
- http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity
- http://www.securityfocus.com/bid/55196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77992
- http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02
- http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02
- http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity
- http://www.securityfocus.com/bid/55196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77992