Schneider Electric FTP Server Default Credentials

Critical Nessus Plugin ID 23821


The remote FTP server has one or more accounts with default / backdoor credentials.


The remote FTP server has an account with a known username / password combination, which is hardcoded into the device's firmware and difficult to change or remove. An attacker may be able to use this to gain privileged authenticated access to the system, which could allow for other attacks against the affected device.


Block access to the vulnerable device ports.

Plugin Details

Severity: Critical

ID: 23821

File Name: scada_modicon_default_ftp.nbin

Version: $Revision: 1.37 $

Type: remote

Family: SCADA

Published: 2006/12/11

Modified: 2018/01/29

Dependencies: 10092, 10990

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND


Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 51605

OSVDB: 78325, 126364

ICS-ALERT: 12-020-01, 12-020-03, 15-224-02