CVE-2014-6617 – Softing FG-100 PB Hardcoded Backdoor

https://notcve.org/view.php?id=CVE-2014-6617

Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session. Softing FG-100 PB PROFIBUS, con firmware versión FG-x00-PB_V2.02.0.00, contiene una contraseña embebida para la cuenta root, lo que permite que atacantes remotos obtengan acceso administrativo mediante una sesión TELNET. Softing FG-100 PB comes with a hardcoded root account with a static password that cannot be changed by the administrator. • http://packetstormsecurity.com/files/128976/Softing-FG-100-PB-Hardcoded-Backdoor.html http://www.securityfocus.com/archive/1/533902/100/0/threaded http://www.securityfocus.com/bid/70927 https://exchange.xforce.ibmcloud.com/vulnerabilities/98512 https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2014-005_softring_backdoor_account.txt • CWE-798: Use of Hard-coded Credentials •