Metrics
Affected Vendors & Products
Solution
Schneider Electric has produced an updated firmware, labelled V1.60 IR 04. This firmware release moves the jar files directory in a secure area. The new firmware also includes the ability to disable the FTP server. This updated firmware can be downloaded at: http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/?showAsIframe... http://www.schneider-electric.com/download/WW/EN/details/681790255-TSXETG30xx-V160-IR4/
Workaround
Schneider Electric recommends the FTP server be deactivated when not needed. The firmware update does not remove the hard-coded credentials. Narendra Shinde also found that configuration files were accessible using default credentials. Schneider Electric recommends users change the default login credentials. This will protect configuration files from unauthorized access.
Fri, 05 Sep 2025 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Schneider Electric ETG3000 FactoryCast HMI Gateway Use of Hard-coded Credentials | |
Weaknesses | CWE-798 | |
References |
|

Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2025-09-05T21:18:01.615Z
Reserved: 2014-12-02T00:00:00
Link: CVE-2014-9198

No data.

Status : Deferred
Published: 2015-01-27T19:59:10.810
Modified: 2025-09-05T22:15:33.430
Link: CVE-2014-9198

No data.

No data.