13 matches found
EUVD-2014-6495
Malware in sbrugna...
CVE-2014-6617
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session...
Hardcoded credentials
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session...
CVE-2014-6617
The CVE-2014-6617 entry applies to Softing FG-100 PB PROFIBUS firmware FG-x00-PB_V2.02.0.00, where a hardcoded root password enables TELNET access to obtain admin rights. Public documents (NVD entry and Compass Security advisory) confirm a backdoor account exists by default, with vendor notes ind...
CVE-2014-6617
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session...
CVE-2014-6616
Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/...
CVE-2014-6616
CVE-2014-6616 is an XSS flaw in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) firmware FG-x00-PB_V2.02.0.00. The web GUI fails to properly encode user data, allowing an attacker to inject arbitrary script via the DEVICE_NAME parameter to /cgi-bin/CFGhttp. Impact: remote script execution with...
CVE-2014-6616 Softing FG-100 Webui XSS
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Softing FG-100 PB Vendor: Softing AG www.softing.com CVD ID: CVE-2014-6616 Subject: XSS Risk: High Effect: Remotely exploitable Author: Johannes Klick Daniel Marzin Ingmar Rosenhagen Date: 05.11.2014 Introduction:...
CVE-2014-6617 Softing FG-100 Backdoor Account
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Softing FG-100 PB Vendor: Softing AG www.softing.com CVD ID: CVE-2014-6617 Subject: Backdoor Account Risk: High Effect: Remotely exploitable Author: Ingmar Rosenhagen Daniel Marzin Johannes Klick Date: 05.11.2014...
Softing FG-100 security vulnerabilities
Backdoor accounts, cross-site scripting...
Softing FG-100 PB Hardcoded Backdoor
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Softing FG-100 PB Vendor: Softing AG www.softing.com CVD ID: CVE-2014-6617 Subject: Backdoor Account Risk: High Effect: Remotely exploitable Author: Ingmar Rosenhagen Daniel Marzin Johannes Klick Date: 05.11.2014...
Softing FG-100 PB Cross Site Scripting
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Softing FG-100 PB Vendor: Softing AG www.softing.com CVD ID: CVE-2014-6616 Subject: XSS Risk: High Effect: Remotely exploitable Author: Johannes Klick Daniel Marzin Ingmar Rosenhagen Date: 05.11.2014 Introduction:...