Detections
Analytics
Schneider Electric PowerLogic PM8ECC < 2.651 Hardcoded Credentials
critical Nessus Network Monitor Plugin ID 720085
Synopsis
Undocumented hard-coded credentials allow access to Schneider Electric PowerLogic PM8ECC devices.Description
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device.Solution
Perform vendor recommended mitigations and apply available vendor upgrades.See Also
http://www.securityfocus.com/bid/93602,https://ics-cert.us-cert.gov/advisories/ICSA-16-292-01
Plugin Details
Severity: Critical
ID: 720085
Family: SCADA
Published: 5/8/2019
Updated: 9/30/2019
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Patch Publication Date: 10/18/2016
Vulnerability Publication Date: 10/18/2016
Reference Information
CVE: CVE-2016-5818
BID: 93602