Schneider Electric FTP Server Default Credentials

Critical Nessus Plugin ID 23821


The remote FTP server has one or more accounts with default /
backdoor credentials.


The remote FTP server has an account with a known username / password
combination, which is hardcoded into the device's firmware and
difficult to change or remove. An attacker may be able to use this to
gain privileged authenticated access to the system, which could allow
for other attacks against the affected device.


Block access to the vulnerable device ports.

Plugin Details

Severity: Critical

ID: 23821

File Name: scada_modicon_default_ftp.nbin

Version: 1.51

Type: remote

Family: SCADA

Published: 2006/12/11

Modified: 2019/01/09

Dependencies: 10092, 10990

Risk Information

Risk Factor: Critical

CVSS Score Source: manual

CVSS Score Rationale: Privileged authenticated access

CVSS v2.0

Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSS v3.0

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 51605

ICS-ALERT: 12-020-01, 12-020-03, 15-224-02