CVE-2009-4463
Severity CVSS v4.0:
Pending analysis
Type:
CWE-255
Credentials Management
Publication date:
30/12/2009
Last modified:
09/04/2025
Description
Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.11.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.11.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.11.2:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.12.4:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.12.6:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.13.0:beta:*:*:*:*:*:* | ||
| cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.13.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.13.2:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.20.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.30.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.30.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intellicom:netbiter_webscada_firmware:3.30.2:b184:*:*:*:*:*:* | ||
| cpe:2.3:h:intellicom:netbiter_webscada_ws100:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intellicom:netbiter_webscada_ws200:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://blog.48bits.com/?p=781
- http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1
- http://support.intellicom.se/getfile.cfm?FID=151
- http://www.kb.cert.org/vuls/id/902793
- http://www.osvdb.org/61506
- http://www.securityfocus.com/archive/1/508449/100/0/threaded
- http://blog.48bits.com/?p=781
- http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1
- http://support.intellicom.se/getfile.cfm?FID=151
- http://www.kb.cert.org/vuls/id/902793
- http://www.osvdb.org/61506
- http://www.securityfocus.com/archive/1/508449/100/0/threaded