Eaton 9PX Insufficiently Protected Credentials (CVE-2018-9280)

medium Tenable OT Security Plugin ID 502702

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext.
Passwords of the read and write users could be retrieved by browsing the source code of the webpage.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?b8b12b72

Plugin Details

Severity: Medium

ID: 502702

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 11/29/2024

Updated: 12/2/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2018-9280

CVSS v3

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:eaton:9px_ups_firmware:-

Required KB Items: Tenable.ot/Eaton

Exploit Ease: No known exploits are available

Patch Publication Date: 10/24/2018

Vulnerability Publication Date: 10/24/2018

Reference Information

CVE: CVE-2018-9280

CWE: 522