Magnum MNS-6K Hardcoded Admin Account

High Nessus Plugin ID 62439

Synopsis

The remote device has a hardcoded admin account.

Description

According to its self-reported version, the remote GarrettCom device has a hardcoded admin account that can be accessed by an authenticated user to gain admin privileges on the device.

Solution

Upgrade to MNS-6K version 4.4.0 / 14.4.0 or later.

See Also

http://www.cylance.com/GarrettCom.html

http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf

Plugin Details

Severity: High

ID: 62439

File Name: scada_garrettcom_hardcoded_password.nbin

Version: 1.38

Type: remote

Family: SCADA

Published: 2012/10/05

Updated: 2019/08/20

Dependencies: 10281, 55900, 17975, 11153

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.7

Temporal Score: 5.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:garrettcom:magnum_managed_networks_software-6k

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/05/18

Vulnerability Publication Date: 2012/08/30

Reference Information

CVE: CVE-2012-3014

BID: 55334

ICSA: 12-243-01