Vulnerabilities > CVE-2009-4463 - Credentials Management vulnerability in Intellicom products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

intellicom

CWE-255

critical

NVD

Published: 2009-12-30

Updated: 2018-10-10

Summary

Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords.

Vulnerable Configurations

Part	Description	Count
Hardware	Intellicom Intellicom Netbiter Webscada Firmware 3.11.0 Intellicom Netbiter Webscada Firmware 3.11.1 Intellicom Netbiter Webscada Firmware 3.11.2 Intellicom Netbiter Webscada Firmware 3.12.4 Intellicom Netbiter Webscada Firmware 3.12.6 Intellicom Netbiter Webscada Firmware 3.13.0 Intellicom Netbiter Webscada Firmware 3.13.1 Intellicom Netbiter Webscada Firmware 3.13.2 Intellicom Netbiter Webscada Firmware 3.20.0 Intellicom Netbiter Webscada Firmware 3.30.0 Intellicom Netbiter Webscada Firmware 3.30.1 Intellicom Netbiter Webscada Firmware 3.30.2 Intellicom Netbiter Webscada Ws100 * Intellicom Netbiter Webscada Ws200 *	14

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References