Modicon Quantum HTTP Server Default Credentials

High Nessus Plugin ID 23822


The remote web server can be accessed with a default set of credentials.


The remote web server appears to be a Modicon Quantum controller that can be accessed using a default set of credentials. An attacker could leverage this issue to gain administrative access to the affected device.


Change the default password or block access to the port.

Plugin Details

Severity: High

ID: 23822

File Name: scada_modicon_default_web.nbin

Version: $Revision: 1.43 $

Type: remote

Family: SCADA

Published: 2006/12/11

Modified: 2018/01/29

Dependencies: 10107

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 51605

OSVDB: 78324

ICS-ALERT: 12-020-03