ID

VAR-190001-1126


TITLE

Tecomat Foxtrot Default Password Security Bypass Vulnerability

Trust: 1.1

sources: IVD: a86e89fe-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0347 // BID: 51602

DESCRIPTION

Tecomat Foxtrot is a programmable controller for industrial control tasks. The application has 9 default users installed and uses the known default password: user 0 password 0 role 0 user 1 password 1 role 1user 2 password 2 role 2user 3 password 3 role 3user 4 password 4 role 4user 5 password 5 role 5user 6 Password 6 role 6user 7 password 7 role 7user 8 password 8 role 8user 9 password 9 role 9 Many PLC devices can be accessed remotely through these default passwords. Tecomat Foxtrot is prone to a security-bypass vulnerability. Successful attacks can allow an attacker to gain access to the affected application using the default authentication credentials

Trust: 0.99

sources: CNVD: CNVD-2012-0347 // BID: 51602 // IVD: a86e89fe-1f77-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: a86e89fe-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0347

AFFECTED PRODUCTS

vendor:tecomatmodel:foxtrotscope:eqversion:0

Trust: 1.1

vendor:tecomatmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: a86e89fe-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0347 // BID: 51602

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: a86e89fe-1f77-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: a86e89fe-1f77-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: a86e89fe-1f77-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-372

TYPE

Unknown

Trust: 0.3

sources: BID: 51602

EXTERNAL IDS

db:BIDid:51602

Trust: 1.5

db:CNVDid:CNVD-2012-0347

Trust: 0.8

db:CNNVDid:CNNVD-201201-372

Trust: 0.6

db:IVDid:A86E89FE-1F77-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: a86e89fe-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0347 // BID: 51602 // CNNVD: CNNVD-201201-372

REFERENCES

url:http://dsecrg.com/pages/vul/show.php?id=407

Trust: 0.9

url:http://www.securityfocus.com/bid/51602

Trust: 0.6

url:http://www.tecomat.com/index.php?a=cat.308

Trust: 0.3

sources: CNVD: CNVD-2012-0347 // BID: 51602 // CNNVD: CNNVD-201201-372

CREDITS

Alexandr Polyakov from DSecRG

Trust: 0.9

sources: BID: 51602 // CNNVD: CNNVD-201201-372

SOURCES

db:IVDid:a86e89fe-1f77-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0347
db:BIDid:51602
db:CNNVDid:CNNVD-201201-372

LAST UPDATE DATE

2022-05-17T01:55:33.084000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0347date:2012-02-01T00:00:00
db:BIDid:51602date:2012-01-20T00:00:00
db:CNNVDid:CNNVD-201201-372date:2012-02-01T00:00:00

SOURCES RELEASE DATE

db:IVDid:a86e89fe-1f77-11e6-abef-000c29c66e3ddate:2012-02-01T00:00:00
db:CNVDid:CNVD-2012-0347date:2012-02-01T00:00:00
db:BIDid:51602date:2012-01-20T00:00:00
db:CNNVDid:CNNVD-201201-372date:1900-01-01T00:00:00