Details of VAR-190001-1126

ID

VAR-190001-1126

TITLE

Tecomat Foxtrot Default Password Security Bypass Vulnerability

Trust: 1.1

sources: IVD: a86e89fe-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0347 // BID: 51602

DESCRIPTION

Tecomat Foxtrot is a programmable controller for industrial control tasks. The application has 9 default users installed and uses the known default password: user 0 password 0 role 0 user 1 password 1 role 1user 2 password 2 role 2user 3 password 3 role 3user 4 password 4 role 4user 5 password 5 role 5user 6 Password 6 role 6user 7 password 7 role 7user 8 password 8 role 8user 9 password 9 role 9 Many PLC devices can be accessed remotely through these default passwords. Tecomat Foxtrot is prone to a security-bypass vulnerability. Successful attacks can allow an attacker to gain access to the affected application using the default authentication credentials

Trust: 0.99

sources: CNVD: CNVD-2012-0347 // BID: 51602 // IVD: a86e89fe-1f77-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: a86e89fe-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0347

AFFECTED PRODUCTS

vendor:	tecomat	model:	foxtrot	scope:	eq	version:	0	Trust: 1.1
vendor:	tecomat	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: a86e89fe-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0347 // BID: 51602

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD:	a86e89fe-1f77-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

IVD:	a86e89fe-1f77-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2

sources: IVD: a86e89fe-1f77-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-372

TYPE

Unknown

Trust: 0.3

sources: BID: 51602

EXTERNAL IDS

db:	BID	id:	51602	Trust: 1.5
db:	CNVD	id:	CNVD-2012-0347	Trust: 0.8
db:	CNNVD	id:	CNNVD-201201-372	Trust: 0.6
db:	IVD	id:	A86E89FE-1F77-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: a86e89fe-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0347 // BID: 51602 // CNNVD: CNNVD-201201-372

REFERENCES

url:	http://dsecrg.com/pages/vul/show.php?id=407	Trust: 0.9
url:	http://www.securityfocus.com/bid/51602	Trust: 0.6
url:	http://www.tecomat.com/index.php?a=cat.308	Trust: 0.3

sources: CNVD: CNVD-2012-0347 // BID: 51602 // CNNVD: CNNVD-201201-372

CREDITS

Alexandr Polyakov from DSecRG

Trust: 0.9

sources: BID: 51602 // CNNVD: CNNVD-201201-372

SOURCES

db:	IVD	id:	a86e89fe-1f77-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-0347
db:	BID	id:	51602
db:	CNNVD	id:	CNNVD-201201-372

LAST UPDATE DATE

2022-05-17T01:55:33.084000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-0347	date:	2012-02-01T00:00:00
db:	BID	id:	51602	date:	2012-01-20T00:00:00
db:	CNNVD	id:	CNNVD-201201-372	date:	2012-02-01T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	a86e89fe-1f77-11e6-abef-000c29c66e3d	date:	2012-02-01T00:00:00
db:	CNVD	id:	CNVD-2012-0347	date:	2012-02-01T00:00:00
db:	BID	id:	51602	date:	2012-01-20T00:00:00
db:	CNNVD	id:	CNNVD-201201-372	date:	1900-01-01T00:00:00