TID-313: Unauthenticated Session Changes Credential
Threat Description
A threat actor can change or reset a password or credential without being authenticated. The threat actor can set the credential to a known value and then use it to authenticate to the device.
Threat Maturity and Evidence
Known Exploitable Weakness
ATT&CK Technique: Create Account: Local Account (T1136.001)
“Adversaries may create a local account to maintain access to victim systems. Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service.”
CWE
CWE-287: Improper Authentication
“When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.”
CVE
Kunbus PR100088 Modbus Gateway (Update B) | CISA, CVE-2019-6527
“An attacker may be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted.”
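The weakness in the Threat Description, shown as a credential-change handler in its weak and checked forms. This is an added example, not code from the catalogue entry or from any vendor firmware; the session table, function names and password values are constructed, and the weak form is only a model of the "currently or previously logged in" condition quoted above.

```c
#include <stdbool.h>
#include <string.h>

#define MAX_SESSIONS 4
struct session { bool authenticated; };

static struct session sessions[MAX_SESSIONS];
static char admin_password[32] = "factory-set"; /* constructed value; real devices store a salted hash */
static bool admin_seen_since_boot;              /* device-wide flag, cleared only by a restart */

static bool valid_sid(int sid) { return sid >= 0 && sid < MAX_SESSIONS; }

bool login(int sid, const char *pw) {
    if (!valid_sid(sid) || strcmp(pw, admin_password) != 0) return false;
    sessions[sid].authenticated = true;
    admin_seen_since_boot = true;
    return true;
}

void logout(int sid) { if (valid_sid(sid)) sessions[sid].authenticated = false; }

static bool store_password(const char *new_pw) {
    size_t n = strlen(new_pw);
    if (n == 0 || n >= sizeof admin_password) return false;
    memcpy(admin_password, new_pw, n + 1);
    return true;
}

/* Weak form: trusts device-wide state, so any caller passes once an admin has logged in. */
bool change_password_weak(const char *new_pw) {
    if (!admin_seen_since_boot) return false;
    return store_password(new_pw);
}

/* Checked form: the requesting session itself must be authenticated and
 * must re-prove knowledge of the current credential. */
bool change_password_checked(int sid, const char *cur_pw, const char *new_pw) {
    if (!valid_sid(sid) || !sessions[sid].authenticated) return false;
    if (strcmp(cur_pw, admin_password) != 0) return false;
    if (!store_password(new_pw)) return false;
    /* Drop every session so logins made with the old credential do not outlive it. */
    memset(sessions, 0, sizeof sessions);
    return true;
}
```

The checked form ties the authorization decision to the requesting session rather than to device state, which is the property CWE-287 describes as missing.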