Vulnerability Details CVE-2014-6617
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.17
EPSS Ranking 94.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://packetstormsecurity.com/files/128976/Softing-FG-100-PB-Hardcoded-Backdoor.html
- http://www.securityfocus.com/archive/1/533902/100/0/threaded
- http://www.securityfocus.com/bid/70927
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98512
- https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2014-005_softring_backdoor_account.txt
- http://packetstormsecurity.com/files/128976/Softing-FG-100-PB-Hardcoded-Backdoor.html
- http://www.securityfocus.com/archive/1/533902/100/0/threaded
- http://www.securityfocus.com/bid/70927
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98512
- https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2014-005_softring_backdoor_account.txt
Products affected by CVE-2014-6617
-
cpe:2.3:h:industrial.softing:fg-100_pb_profibus:-
-
cpe:2.3:o:industrial.softing:fg-100_pb_profibus_firmware:fg-x00-pb_v2.02.0.00