Info

Disclosure

Oct 28, 2009

Discovery

Unknown

Dates

Exploit

Oct 28, 2009

Solution

Unknown

Description

By default, EtherMeter Telnet Server contains a default account. The hardcoded 'emeter' account has a password of 'emeter' that is publicly known and documented, which can be changed in the setup menu. This allows attackers to trivially access the system and gain privileged access.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Workaround
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: SCADA

Solution

Immediately after installation, change all default installed accounts to use a unique and secure password. When possible, change default account names to custom names as well.

Products

SCADAmetrics

EtherMeter

Unspecified

References

Vendor URL: http://scadametrics.com/
Vendor Specific News/Changelog Entry: http://scadametrics.com/PDF/EtherMeter_Manual_102.pdf

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86669