{"vuid":"VU#732671","idnumber":"732671","name":"Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings","keywords":["Cisco","Ethernet 3000","SNMP Community Names","scada"],"overview":"Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1, contain well-known, hard-coded read and write SNMP community strings. An remote attacker could take full control of a vulnerable device.","clean_desc":"Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1, contain well-known, hard-coded read and write SNMP community strings (names). The hard-coded strings are restored to the running configuration after a device reload. The SNMP service is disabled by default.","impact":"Successful exploitation of the vulnerability could result in an attacker obtaining full control of the device.","resolution":"Upgrade\nAccording to Cisco Security Advisory cisco-sa-20100707-snmp, the first fixed IOS  releases is 12.2(55)SE, currently scheduled to be available August 2010.","workarounds":"Disable default SNMP community strings Cisco Security Advisory cisco-sa-20100707-snmp provides detailed information about workarounds and mitigation techniques, including manually and automatically removing SNMP community strings.","sysaffected":"","thanks":"Information from Secunia and Cisco was used in this document.","author":"This document was written by Michael Orlando.","public":["http://secunia.com/advisories/40407/","http://www.cisco.com/warp/public/707/cisco-sa-20100707-snmp.shtml"],"cveids":["CVE-2010-1574"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-07-08T14:09:43Z","publicdate":"2010-07-07T00:00:00Z","datefirstpublished":"2010-07-12T19:16:50Z","dateupdated":"2010-07-12T19:26:09Z","revision":16,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"2","cam_widelyknown":"18","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"4","cam_impact":"20","cam_easeofexploitation":"19","cam_attackeraccessrequired":"8","cam_scorecurrent":"5.928","cam_scorecurrentwidelyknown":"6.384","cam_scorecurrentwidelyknownexploited":"10.944","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":5.928,"vulnote":null}