Modicon PLC HTTP Server Default Username/Password (SCADA)

High Nessus Network Monitor Plugin ID 3853

Synopsis

The remote host is configured with default or easily-guessed credentials.

Description

The ethernet module on Modicon's Quantum, Premium and Micro PLC's has an HTTP server with one account that can be modified. The default account has the ability to load programs and change the configuration and programming of the PLC.

Solution

Change the username and password for the HTTP server.

Plugin Details

Severity: High

ID: 3853

Family: SCADA

Published: 2006/12/11

Modified: 2016/09/30

Dependencies: 1442

Risk Information

Risk Factor: High