Magnum MNS-6K Hardcoded Admin Account

Severity: High, Nessus Plugin ID 62439

Synopsis

The remote device has a hardcoded admin account.

Description

According to its self-reported version, the remote GarrettCom device has a hardcoded admin account that can be accessed by an authenticated user to gain admin privileges on the device.

Solution

Upgrade to MNS-6K version 4.4.0 / 14.4.0 or later.

See Also

http://www.cylance.com/GarrettCom.html

http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf

Plugin Details

Severity: High

ID: 62439

File Name: scada_garrettcom_hardcoded_password.nbin

Version: 1.53

Type: remote

Family: SCADA

Published: 10/5/2012

Updated: 7/19/2022

Configuration: Enable thorough checks

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.7

Temporal Score: 5.7

Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:garrettcom:magnum_managed_networks_software-6k

Exploit Ease: No known exploits are available

Patch Publication Date: 5/18/2012

Vulnerability Publication Date: 8/30/2012

Reference Information

CVE: CVE-2012-3014

BID: 55334

ICSA: 12-243-01