CVE-2009-4463
CWE-255Published: December 30, 2009· Updated: Jun 16, 2026
Official Description
Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords.
Technical Analysis
CVE-2009-4463 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
All References (12)
Quick Facts
Related CVEs (CWE-255)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2009-4463 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts