SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-638463628] Phoenix Broadband Technologies LLC PowerAgent SC3 Site Controller

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-06-01OtherPhoenix Broadband Technologies LLCIñaki Rodríguez discovered this vulnerability and tested the patch. N/ACVE-2017-6039 N/AN/AN/A

Source

						
							
								
#
# Phoenix Broadband Technologies LLC PowerAgent SC3 Site Controller
#


### VULNERABLE VENDOR
Phoenix Broadband Technologies LLC


### VULNERABLE PRODUCT
PowerAgent SC3 Site Controller



### RESEARCHER
Iñaki Rodríguez discovered this vulnerability and tested the patch.



### AFFECTED PRODUCTS

Phoenix Broadband Technologies LLC reports that the following versions of PowerAgent SC3, a remote battery monitoring system (BMS), are affected:

PowerAgent SC3 BMS, all versions prior to v6.87



### IMPACT

Successful exploitation of this vulnerability may allow unauthorized access to the battery monitoring system.



### VULNERABILITY OVERVIEW

USE OF HARD-CODED PASSWORD CWE-259
Use of a hard-coded password may allow unauthorized access to the device.
CVE-2017-6039 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)





### BACKGROUND

Critical Infrastructure Sector(s): Communications, Energy, Government Facilities, Information Technology, Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Hatfield, Pennsylvania, USA




### MITIGATION

Phoenix Broadband Technologies LLC has issued updated firmware v6.87 to address this vulnerability. Users can obtain the new firmware by contacting Phoenix Broadband Technologies LLC.