CVE-2012-4697

2022-10-0316:15:34

CWE-255

[email protected]

web.nvd.nist.gov

cve-2012-4697

turck bl20

bl67

programmable gateways

hardcoded accounts

remote access

ftp

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.1%

JSON

TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session.

Affected configurations

NVD

Node

turckbl20_programmable_gatewayMatch-

turckbl67_programmable_gatewayMatch-

turckbl20_programmable_gateway_firmwareMatch-

turckbl67_programmable_gateway_firmwareMatch-

CPENameOperatorVersion
turck:bl20_programmable_gatewayturck bl20 programmable gatewayeq-
turck:bl67_programmable_gatewayturck bl67 programmable gatewayeq-
turck:bl20_programmable_gateway_firmwareturck bl20 programmable gateway firmwareeq-
turck:bl67_programmable_gateway_firmwareturck bl67 programmable gateway firmwareeq-

CPE	Name	Operator	Version
turck:bl20_programmable_gateway	turck bl20 programmable gateway	eq	-
turck:bl67_programmable_gateway	turck bl67 programmable gateway	eq	-
turck:bl20_programmable_gateway_firmware	turck bl20 programmable gateway firmware	eq	-
turck:bl67_programmable_gateway_firmware	turck bl67 programmable gateway firmware	eq	-