TURCK BL20/BL67 Hardcoded Admin Account

Critical Nessus Plugin ID 72620


The remote device has a hardcoded admin account.


The remote TURCK FTP server uses a set of default administrator credentials.


Upgrade to BL67 firmware / BL20 firmware


Plugin Details

Severity: Critical

ID: 72620

File Name: scada_turck_ftp_auth.nbin

Version: $Revision: 1.61 $

Type: remote

Family: SCADA

Published: 2014/02/10

Modified: 2018/02/15

Dependencies: 10281, 55900, 17975, 11153

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:turck:bl20_programmable_gateway_firmware, cpe:/o:turck:bl67_programmable_gateway_firmware

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/05/18

Vulnerability Publication Date: 2013/05/23

Reference Information

CVE: CVE-2012-4697

BID: 59979

OSVDB: 93458

ICSA: 13-136-01