Executive Summary

Summary
Title IntelliCom NetBiter devices have default HICP passwords
Informations
Name VU#902793 First vendor Publication 2010-04-05
Vendor VU-CERT Last vendor Modification 2010-04-07
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#902793

IntelliCom NetBiter devices have default HICP passwords

Overview

IntelliCom NetBiter devices ship with default passwords for the HICP network configuration service. An attacker with network access could change network settings and prevent legitimate users from accessing the HICP service.

I. Description

IntelliCom NetBiter products use the proprietary HICP protocol to configure ethernet and IP network settings. NetBiter devices ship with default, well-known HICP passwords. The password is not hard-coded (persistent) as described in the original post by Rubén Santamarta. The password is set by default but can be changed.

II. Impact

An attacker with network access could change network settings and prevent legitimate users from accessing the HICP service. HICP transmits the password in plain text, so the attacker may also be able to monitor HICP communication and read the changed password.

III. Solution

Change default passwords

Change the default password before deploying NetBiter devices in an production environment. Please see IntelliCom Security Bulletin ISFR-4404-0008.

Restrict access

Restrict access to SCADA, DCS, and other control system networks, particularly networks using open protocols like HICP.

Systems Affected

VendorStatusDate NotifiedDate Updated
IntelliCom Innovation ABVulnerable2010-03-19

References


http://blog.48bits.com/?p=781
http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1
http://support.intellicom.se/getfile.cfm?FID=151
http://osvdb.com/show/osvdb/61506

Credit

This information was published by Rubén Santamarta. The default password is also documented in NetBiter user manuals. ICS-CERT researched this vulnerability and confirmed that the HICP password can be changed and is not persistent.

This document was written by Art Manion.

Other Information

Date Public:2009-12-12
Date First Published:2010-04-06
Date Last Updated:2010-04-07
CERT Advisory: 
CVE-ID(s):CVE-2009-4463
NVD-ID(s):CVE-2009-4463
US-CERT Technical Alerts: 
Metric:0.00
Document Revision:20

Original Source

Url : http://www.kb.cert.org/vuls/id/902793

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-255 Credentials Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware 12
Hardware 1
Hardware 1

Open Source Vulnerability Database (OSVDB)

Id Description
61506 Intellicom NetBiter Firmware Default Persistent HICP Password

By default, NetBiter Firmware installs with a default password. The admin account has a password of 'admin' which is publicly known and documented. This allows attackers to trivially access the program or system.