Modicon Quantum HTTP Server Default Credentials

high Nessus Plugin ID 23822

Language:

Synopsis

The remote web server can be accessed with a default set of credentials.

Description

The remote web server appears to be a Modicon Quantum controller that can be accessed using a default set of credentials. An attacker could leverage this issue to gain administrative access to the affected device.

Solution

Change the default password or block access to the port.

Plugin Details

Severity: High

ID: 23822

File Name: scada_modicon_default_web.nbin

Version: 1.102

Type: remote

Family: SCADA

Published: 12/11/2006

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 51605

ICS-ALERT: 12-020-03

Detections

Analytics