Emerson SM-Ethernet FTP Server Default Credentials

High Nessus Plugin ID 87124


The remote device has an FTP account with default credentials.


It was possible to log into the remote FTP server on the Emerson SCADA device by providing a set of default credentials. A remote attacker can exploit this to gain authenticated access.


Change the default password or block access to the port.

Plugin Details

Severity: High

ID: 87124

File Name: scada_emerson_sm_ethernet_ftp_default_credentials.nbin

Version: $Revision: 1.10 $

Type: remote

Family: SCADA

Published: 2015/12/01

Modified: 2017/03/03

Dependencies: 10092, 10990

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P


Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only