{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ETG3000 FactoryCast HMI Gateway", "vendor": "Schneider Electric", "versions": [{"status": "affected", "version": "TSXETG3000"}, {"status": "affected", "version": "TSXETG3010"}, {"status": "affected", "version": "TSXETG3021"}, {"status": "affected", "version": "TSXETG3022"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Narendra Shinde of Qualys Security"}], "datePublic": "2015-01-20T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\nThe FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.\n\n</p>"}], "value": "The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session."}], "metrics": [{"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-09-05T21:18:01.615Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Schneider Electric has produced an updated firmware, labelled V1.60 \nIR 04. This firmware release moves the jar files directory in a secure \narea. The new firmware also includes the ability to disable the FTP \nserver. This updated firmware can be downloaded at:</p>\n<p><a target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe=true&amp;reference=ETG30xxV160-IR04\">http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe...</a></p>\n\n<br>"}], "value": "Schneider Electric has produced an updated firmware, labelled V1.60 \nIR 04. This firmware release moves the jar files directory in a secure \narea. The new firmware also includes the ability to disable the FTP \nserver. This updated firmware can be downloaded at:\n\n\n http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe... http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/"}], "source": {"advisory": "ICSA-15-020-02", "discovery": "EXTERNAL"}, "title": "Schneider Electric ETG3000 FactoryCast HMI Gateway Use of Hard-coded Credentials", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Schneider Electric recommends the FTP server be deactivated when not \nneeded. The firmware update does not remove the hard-coded credentials.</p>\n<p>Narendra Shinde also found that configuration files were accessible \nusing default credentials. Schneider Electric recommends users change \nthe default login credentials. This will protect configuration files \nfrom unauthorized access.</p>\n\n<br>"}], "value": "Schneider Electric recommends the FTP server be deactivated when not \nneeded. The firmware update does not remove the hard-coded credentials.\n\n\nNarendra Shinde also found that configuration files were accessible \nusing default credentials. Schneider Electric recommends users change \nthe default login credentials. This will protect configuration files \nfrom unauthorized access."}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-9197", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:40:24.277Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02"}, {"name": "72258", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72258"}, {"name": "77765", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/77765"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-9198", "datePublished": "2015-01-27T11:00:00", "dateReserved": "2014-12-02T00:00:00", "dateUpdated": "2025-09-05T21:18:01.615Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:etg3000_factorycast_hmi_gateway_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "18F4A2AF-AC0E-4CE8-A783-806E8D8C2A2D", "versionEndIncluding": "1.60.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxetg3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "46D2618A-486E-4055-BAFD-81F82C6B3D2A", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tsxetg3010:-:*:*:*:*:*:*:*", "matchCriteriaId": "55B765EF-1FA4-4994-AE8C-E11BF4F9B95E", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tsxetg3021:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB5F2A27-898A-4F8F-BAD5-FA64370A6B98", "vulnerable": true}, {"criteria": "cpe:2.3:h:schneider-electric:tsxetg3022:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D483984-53F3-4972-9F6D-9446C06891D5", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session."}, {"lang": "es", "value": "El servidor FTP en Schneider Electric ETG3000 FactoryCast HMI Gateway con firmware hasta 1.60 IR 04 tienen credenciales embebidas, lo que facilita a atacantes remotos obtener el acceso a trav\u00e9s de una sesi\u00f3n FTP."}], "id": "CVE-2014-9198", "lastModified": "2025-09-05T22:15:33.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-27T19:59:10.810", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-020-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72258"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/77765"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}