Lucene search
CertccCVE-2015-2847HistoryJul 26, 2015 - 6:59 p.m.
CVE-2015-2847
2015-07-2618:59:00
CWE-284
certcc
web.nvd.nist.gov
29
cve-2015-2847
honeywell
tuxedo touch
client-side authentication
bypass
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
7.2
Confidence
Low
EPSS
0.003
Percentile
69.5%
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.
Affected configurations
Node
honeywelltuxedo_touchRange≤5.1.13.0_va
| Vendor | Product | Version | CPE |
|---|---|---|---|
| honeywell | tuxedo_touch | * | cpe:2.3:o:honeywell:tuxedo_touch:*:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2015-2847
2015-07-26 18:00:00
nvd
nvd
CVE-2015-2847
2015-07-26 18:59:00
prion
prion
Authentication flaw
2015-07-26 18:59:00
cert
cert
Honeywell Tuxedo Touch Controller contains multiple vulnerabilities
2015-07-24 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
7.2
Confidence
Low
EPSS
0.003
Percentile
69.5%
Related for CVE-2015-2847