Modicon Quantum FTP Server Default Credentials

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FTP server has one or more accounts with default /
backdoor credentials.

Description :

The remote FTP server has an account with a known username / password
combination, which is hardcoded into the device's firmware and
difficult to change or remove. An attacker may be able to use this to
gain authenticated acccess to the system, which could allow for other
attacks against the affected device.

Solution :

Block access to the vulnerable device ports.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 6.1
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 23821 ()

Bugtraq ID: 51605

CVE ID: