CyberSec.Space Logo
Back to CVE Browser

CVE-2014-9198

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0800%
EPSS Percentile43.12th
PublishedJan 27, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.

Affected Platforms (CPE)

πŸ’»
Schneider Electric

Etg3000 Factorycast Hmi Gateway Firmware

<= 1.60.4
πŸ”Œ
Schneider Electric

Tsxetg3000

All versions
πŸ”Œ
Schneider Electric

Tsxetg3010

All versions
πŸ”Œ
Schneider Electric

Tsxetg3021

All versions
πŸ”Œ
Schneider Electric

Tsxetg3022

All versions

References & Advisories

πŸ”— https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02
πŸ”— http://www.securityfocus.com/bid/72258
πŸ”— http://www.securityfocus.com/bid/77765
πŸ”— https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02

Related Vulnerabilities

CVE-2014-919710.0

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insu...

CVE-2014-049810.0

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Ma...

CVE-2014-052310.0

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code...

CVE-2014-052410.0

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code...