CVE-2014-9198

EPSS 0.82%
Published 27.01.2015 19:59:10
Last modified 05.09.2025 22:15:33
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Etg3000 Factorycast Hmi Gateway Firmware Version <= 1.60.4

Schneider-electric ≫ Tsxetg3000 Version-

Schneider-electric ≫ Tsxetg3010 Version-

Schneider-electric ≫ Tsxetg3021 Version-

Schneider-electric ≫ Tsxetg3022 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.82%	0.736

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
ics-cert@hq.dhs.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02

Patch

US Government Resource

http://www.securityfocus.com/bid/72258

http://www.securityfocus.com/bid/77765

https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02

https://nvd.nist.gov/vuln/detail/CVE-2014-9198

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-9198

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-9198

EUVD