CVE-2012-3020 - Vulnerability Details - OpenCVE

The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Synco Ozw Web Server Synco Ozw Web Server Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:h:siemens:synco_ozw_web_server:ozw672.01:::::::*
	cpe:2.3:h:siemens:synco_ozw_web_server:ozw672.04:::::::*
	cpe:2.3:h:siemens:synco_ozw_web_server:ozw672.16:::::::*
	cpe:2.3:h:siemens:synco_ozw_web_server:ozw772.01:::::::*
	cpe:2.3:h:siemens:synco_ozw_web_server:ozw772.04:::::::*
	cpe:2.3:h:siemens:synco_ozw_web_server:ozw772.16:::::::*
	cpe:2.3:h:siemens:synco_ozw_web_server:ozw772.250:::::::*
	cpe:2.3:h:siemens:synco_ozw_web_server:ozw775:::::::*

cpe:2.3:o:siemens:synco_ozw_web_server_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://support.automation.siemens.com/WW/view/en/41929231/130000
http://www.us-cert.gov/control_systems/pdf/ICSA-12-214-01.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2012-08-06T16:00:00Z

Updated: 2024-09-17T02:21:34.026Z

Reserved: 2012-05-30T00:00:00Z

Link: CVE-2012-3020

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-08-06T16:55:04.917

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-3020

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-08-06T16:00:00Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-214-01.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://support.automation.siemens.com/WW/view/en/41929231/130000"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-3020", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-214-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-214-01.pdf"}, {"name": "http://support.automation.siemens.com/WW/view/en/41929231/130000", "refsource": "MISC", "url": "http://support.automation.siemens.com/WW/view/en/41929231/130000"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:50:05.415Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-214-01.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://support.automation.siemens.com/WW/view/en/41929231/130000"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-3020", "datePublished": "2012-08-06T16:00:00Z", "dateReserved": "2012-05-30T00:00:00Z", "dateUpdated": "2024-09-17T02:21:34.026Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw672.01:*:*:*:*:*:*:*", "matchCriteriaId": "D2950AC7-80DE-40CD-8E66-7FB3558868AB", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw672.04:*:*:*:*:*:*:*", "matchCriteriaId": "38DC3B3C-881E-4491-B9EC-8B6B4D47C53B", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw672.16:*:*:*:*:*:*:*", "matchCriteriaId": "8B1E912C-508F-44D8-B6F8-D58C56D831F5", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw772.01:*:*:*:*:*:*:*", "matchCriteriaId": "62C0D55D-DA14-4448-A3A3-6FA0664E54C1", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw772.04:*:*:*:*:*:*:*", "matchCriteriaId": "C2F8BD63-1F14-48F7-A093-9BE611E934E9", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw772.16:*:*:*:*:*:*:*", "matchCriteriaId": "11748F0B-1F8D-4ED0-8E96-AA6FF2FD646E", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw772.250:*:*:*:*:*:*:*", "matchCriteriaId": "EBD16D17-5093-4C1C-8CE7-1493C7265C8A", "vulnerable": true}, {"criteria": "cpe:2.3:h:siemens:synco_ozw_web_server:ozw775:*:*:*:*:*:*:*", "matchCriteriaId": "CB680892-00E3-4541-9A2A-E2C7538E6DF4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:synco_ozw_web_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FFC51E6-19E5-4B6B-92EF-B264566AADE6", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session."}, {"lang": "es", "value": "Los dispositivos Siemens Synco OZW Web Server OZW672.*, OZW772.*, y OZW775 con firmware anterior a v4 tienen una contrase\u00f1a por defecto no especificada, lo que facilita a atacantes remotos a obtener acceso administrativo a trav\u00e9s de una sesi\u00f3n de red."}], "id": "CVE-2012-3020", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-06T16:55:04.917", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://support.automation.siemens.com/WW/view/en/41929231/130000"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-214-01.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.automation.siemens.com/WW/view/en/41929231/130000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-214-01.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}