{"vuid":"VU#902793","idnumber":"902793","name":"IntelliCom NetBiter devices have default HICP passwords","keywords":["scada","hms","hicp"],"overview":"IntelliCom NetBiter devices ship with default passwords for the HICP network configuration service. An attacker with network access could change network settings and prevent legitimate users from accessing the HICP service.","clean_desc":"IntelliCom NetBiter products use the proprietary HICP protocol to configure ethernet and IP network settings. NetBiter devices ship with default, well-known HICP passwords. The password is not hard-coded (persistent) as described in the original post by Rubén Santamarta. The password is set by default but can be changed.","impact":"An attacker with network access could change network settings and prevent legitimate users from accessing the HICP service. HICP transmits the password in plain text, so the attacker may also be able to monitor HICP communication and read the changed password.","resolution":"Change default passwords Change the default password before deploying NetBiter devices in an production environment. Please see  IntelliCom Security Bulletin ISFR-4404-0008.","workarounds":"Restrict access Restrict access to SCADA, DCS, and other control system networks, particularly networks using open protocols like HICP.","sysaffected":"","thanks":"This information was published by Rubén Santamarta. The default password is also documented in NetBiter user manuals. ICS-CERT\n researched this vulnerability and confirmed that the  HICP password can be changed and is not persistent.","author":"This document was written by Art Manion.","public":["http://blog.48bits.com/?p=781","http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1","http://support.intellicom.se/getfile.cfm?FID=151","http://osvdb.com/show/osvdb/61506"],"cveids":["CVE-2009-4463"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-03-18T19:56:09Z","publicdate":"2009-12-12T00:00:00Z","datefirstpublished":"2010-04-06T04:53:36Z","dateupdated":"2010-04-29T21:05:07Z","revision":20,"vrda_d1_directreport":"0","vrda_d1_population":"1","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"udp","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}