Lucene search

[email protected]CVE-2014-5396

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-5396

2022-10-0316:20:42

[email protected]

web.nvd.nist.gov

cve-2014-5396

schrack technik

microcontrol

firmware

hardcoded password

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.4%

JSON

The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the “user” account, which makes it easier for remote attackers to obtain access via unspecified vectors.

Affected configurations

NVD

Node

schracktechnik_microcontrol_firmwareRange≤1.7.0

AND

schracktechnik_microcontrolMatch-

CPENameOperatorVersion
schrack:technik_microcontrol_firmwareschrack technik microcontrol firmwarele1.7.0
schrack:technik_microcontrolschrack technik microcontroleq-

CPE	Name	Operator	Version
schrack:technik_microcontrol_firmware	schrack technik microcontrol firmware	le	1.7.0
schrack:technik_microcontrol	schrack technik microcontrol	eq	-

References

seclists.org/fulldisclosure/2014/Jul/40

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.4%

JSON

Related for CVE-2014-5396

nvd1 prion1 cvelist1