Lucene search

IcscertCVE-2015-3974

HistorySep 28, 2015 - 2:59 a.m.

CVE-2015-3974

2015-09-2802:59:01

CWE-255

icscert

web.nvd.nist.gov

cve-2015-3974

easyio

firmware

hardcoded password

remote attackers

accutrol

bar-tech automation

infocon/easyio

honeywell automation india

johnson controls

syxthsense

transformative wave technologies

tridium asia pacific

tridium europe

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

64.5%

JSON

EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a hardcoded password, which makes it easier for remote attackers to obtain access via unspecified vectors.

Affected configurations

Nvd

Node

easyioeasyio-30p-sf_firmwareRange≤0.5.20

easyioeasyio-30p-sf_firmwareRange≤2.0.5.20

AND

easyioeasyio-30p-sf

VendorProductVersionCPE
easyioeasyio-30p-sf_firmware*cpe:2.3:o:easyio:easyio-30p-sf_firmware:*:*:*:*:*:*:*:*
easyioeasyio-30p-sf*cpe:2.3:h:easyio:easyio-30p-sf:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
easyio	easyio-30p-sf_firmware	*	cpe:2.3:o:easyio:easyio-30p-sf_firmware::::::::
easyio	easyio-30p-sf	*	cpe:2.3:h:easyio:easyio-30p-sf::::::::

References

ics-cert.us-cert.gov/advisories/ICSA-15-237-02

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

64.5%

JSON

Related for CVE-2015-3974