EUVD-2014-9022

Malware in sbrugna...

Schneider Electric ETG3000 FactoryCast HMI Gateway Vulnerabilities

OVERVIEW Narendra Shinde of Qualys Security has identified multiple vulnerabilities in Schneider Electric’s ETG3000 FactoryCast HMI Gateway. Schneider Electric has produced a firmware update that mitigates part of these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED...

CVE-2014-9197

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request...

Hardcoded credentials

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session...

CVE-2014-9198 Schneider Electric ETG3000 FactoryCast HMI Gateway Use of Hard-coded Credentials

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session...

CVE-2014-9197 Schneider Electric ETG3000 FactoryCast HMI Gateway Missing Authentication for Critical Function

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request...

CVE-2014-9198

The CVE-2014-9198 vulnerability affects Schneider Electric’s ETG3000 FactoryCast HMI Gateway (firmware up to version 1.60 IR 04). The issue is a design flaw in the FTP server that relies on hardcoded/default credentials, enabling remote attackers to access the FTP service and potentially disclose...

CVE-2014-9197

The CVE-2014-9197 issue affects Schneider Electric ETG3000 FactoryCast HMI Gateway (firmware before 1.60 IR04). An unauthenticated access path to rde.jar in the web root allows remote attackers to obtain sensitive setup/configuration information (CWE-306). Connected advisories confirm remote expl...

Schneider Electric ETG3000 FactoryCast HMI Gateway Unauthorized Access Vulnerability

The Schneider Electric ETG3000 FactoryCast HMI Gateway is a Web-based SCADA system. An unauthorized access vulnerability exists in the Schneider Electric ETG3000 FactoryCast HMI Gateway, which could be exploited by an attacker to gain unauthorized access to sensitive information, such as...

Schneider Electric ETG3000 FactoryCast HMI Gateway FTP Built-in Password Vulnerability

The Schneider Electric ETG3000 FactoryCast HMI Gateway is a new intelligent Web gateway. A default account vulnerability exists in the Schneider Electric ETG3000 FactoryCast HMI Gateway FTP server, allowing an attacker to access the service without authentication...