Vulnerabilities > CVE-2012-3020 - Credentials Management vulnerability in Siemens products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

siemens

CWE-255

NVD

Published: 2012-08-06

Updated: 2012-08-07

Summary

The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session.

Vulnerable Configurations

Part	Description	Count
Hardware	Siemens Siemens Synco OZW WEB Server Ozw672.01 Siemens Synco OZW WEB Server Ozw672.04 Siemens Synco OZW WEB Server Ozw672.16 Siemens Synco OZW WEB Server Ozw772.01 Siemens Synco OZW WEB Server Ozw772.04 Siemens Synco OZW WEB Server Ozw772.16 Siemens Synco OZW WEB Server Ozw772.250 Siemens Synco OZW WEB Server Ozw775	8
OS	Siemens Siemens Synco OZW WEB Server Firmware 3.0	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References