CVE-2009-4463

Published Dec 30, 2009

Last updated 6 years ago

CVSS info 10.0

Overview

Description: Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-255

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "821CF156-EE67-4710-846F-9958C89F28B6"
          },
          {
            "criteria": "cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "949AC3D0-B87C-45D7-953E-2EC42CAF55E1"
          },
          {
            "criteria": "cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.11.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3BE6E86-7CDC-4478-8A8E-125FD1BC7E98"
          },
          {
            "criteria": "cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.12.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C551AD7C-21AF-4D4D-BEFF-19D4E15F33EC"
          },
          {
            "criteria": "cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.12.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E3AAB8E-0B30-4544-BC28-36DCAFE4E7A8"
          },
          {
            "criteria": "cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.13.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "682C0FBA-03F7-4C83-8BA4-1A9125445104"
          },
          {
            "criteria": "cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.13.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1900CA98-62FF-43CF-A95B-1AC61C238BC9"
          },
          {
            "criteria": "cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.13.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBED14C5-A19E-4FFB-99E0-CB49FB494BD0"
          },
          {
            "criteria": "cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.20.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BF175A2-5BE7-4F86-A8C9-0F562F221BB0"
          },
          {
            "criteria": "cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.30.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BF18BA5-9A8D-41DB-83C0-BAD1EA3201B9"
          },
          {
            "criteria": "cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.30.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1D48AAF-E361-4201-8C99-FCED8E256E02"
          },
          {
            "criteria": "cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.30.2:b184:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCD1805D-FFF7-427A-B0B0-9D5543666A6F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intellicom:netbiter_webscada_ws100:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCD25C93-C0EE-4EFD-8066-53CE3840BF1B"
          },
          {
            "criteria": "cpe:2.3:h:intellicom:netbiter_webscada_ws200:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01FE6CE4-81D4-47B9-A859-92E267712B49"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References