Sensitive information can be obtained from the GE D20 Remote Terminal Unit via TFTP

High severity, Nessus Plugin ID 57602


The remote SCADA device is affected by an information disclosure vulnerability.


The remote device is a GE D20 Remote Terminal Unit that makes its configuration file available over TFTP. This file contains sensitive data such as plaintext usernames and passwords.


Block access to this port.

Plugin Details

Severity: High

ID: 57602

File Name: scada_tftp_d20_sensitive_data.nbin

Version: 1.26

Type: remote

Family: SCADA

Published: 2012/01/19

Modified: 2018/01/29

Dependencies: 11819

Risk Information

Risk Factor: High


Base Score: 9.4

Temporal Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Temporal Vector: CVSS2#E:POC/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 51578

OSVDB: 78360

ICS-ALERT: 12-019-01