CVE-2012-3020

Published Aug 6, 2012

Last updated 13 years ago

CVSS info 7.5

Overview

Description: The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-255

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw672.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2950AC7-80DE-40CD-8E66-7FB3558868AB"
          },
          {
            "criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw672.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38DC3B3C-881E-4491-B9EC-8B6B4D47C53B"
          },
          {
            "criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw672.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B1E912C-508F-44D8-B6F8-D58C56D831F5"
          },
          {
            "criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw772.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62C0D55D-DA14-4448-A3A3-6FA0664E54C1"
          },
          {
            "criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw772.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2F8BD63-1F14-48F7-A093-9BE611E934E9"
          },
          {
            "criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw772.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11748F0B-1F8D-4ED0-8E96-AA6FF2FD646E"
          },
          {
            "criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw772.250:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBD16D17-5093-4C1C-8CE7-1493C7265C8A"
          },
          {
            "criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw775:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB680892-00E3-4541-9A2A-E2C7538E6DF4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:synco_ozw_web_server_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FFC51E6-19E5-4B6B-92EF-B264566AADE6",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References