Modicon PLC Web Password Status Disclosure SNMP Request Password Status Remote Disclosure

medium Nessus Plugin ID 23826

Synopsis

It is possible to obtain the Web Password Status of a Modicon PLC using an SNMP Get Request.

Description

The Modicon Quantum, Premium and Momentum brands of PLCs have a private SNMP MIB that is available on the Internet. The Web Password Status has been obtained via an SNMP Get Request. The Web Password Status is either enabled or disabled.

A Web Password Status of disabled indicates a vulnerability.

Solution

Change default community strings to a value not easily guessed and filter access to the SNMP port.

Plugin Details

Severity: Medium

ID: 23826

File Name: scada_modicon_snmp_webpassword_status.nbin

Version: 1.131

Type: local

Family: SCADA

Published: 12/11/2006

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: SNMP/community, SCADA/Device/Modicon