PT-2014-2002 · Softing · Softing Fg-100 Pb Profibus

Published: 2014-09-15 · Updated: 2018-10-09 · CVE-2014-6617

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Softing FG-100 PB PROFIBUS firmware version FG-x00-PB V2.02.0.00

Description

The firmware contains a hardcoded password for the root account. Because these credentials are predefined, a remote attacker can obtain root (administrative) access to the device over a TELNET session.

Recommendations

For Softing FG-100 PB PROFIBUS firmware version FG-x00-PB V2.02.0.00, consider changing the hardcoded password for the root account to a unique and secure password to prevent unauthorized access. As a temporary workaround, consider disabling TELNET access until a patch is available. Restrict access to the device to minimize the risk of exploitation.

Exploit

Fix

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

BDU:2018-00700
CVE-2014-6617

Affected Products

Softing Fg-100 Pb Profibus