Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Honeywell ControlEdge PLC 信任管理问题漏洞
Vulnerability Description
TCP(Transmission Control Protocol,传输控制协议)是一种面向连接的、可靠的、基于字节流的传输层通信协议,由IETF的RFC 793定义。Honeywell ControlEdge PLC是美国霍尼韦尔(Honeywell)公司的一款可编程逻辑控制器(PLC)。 Honeywell ControlEdge PLC 存在信任管理问题漏洞,该漏洞源于根证书是硬编码的,在首次调试时不会自动改变,这可能会使有SSH权限的攻击者获得对设备的完全控制权。
CVSS Information
N/A
Vulnerability Type
N/A