Lucene search

[email protected]CVE-2015-6476

HistoryNov 07, 2015 - 3:59 a.m.

CVE-2015-6476

2015-11-0703:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2015-6476

advantech

eki-122x-be

eki-132x

eki-136x

firmware

ssh

remote attackers

nvd

7.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

75.0%

JSON

Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session.

CPENameOperatorVersion
advantech:eki-1321_series_firmwareadvantech eki-1321 series firmwarele1.96
advantech:eki-1322_series_firmwareadvantech eki-1322 series firmwarele1.96
advantech:eki-1361_series_firmwareadvantech eki-1361 series firmwarele1.17
advantech:eki-1362_series_firmwareadvantech eki-1362 series firmwarele1.17
advantech:eki-122x_series_firmwareadvantech eki-122x series firmwarele1.49

CPE	Name	Operator	Version
advantech:eki-1321_series_firmware	advantech eki-1321 series firmware	le	1.96
advantech:eki-1322_series_firmware	advantech eki-1322 series firmware	le	1.96
advantech:eki-1361_series_firmware	advantech eki-1361 series firmware	le	1.17
advantech:eki-1362_series_firmware	advantech eki-1362 series firmware	le	1.17
advantech:eki-122x_series_firmware	advantech eki-122x series firmware	le	1.49

References

ics-cert.us-cert.gov/advisories/ICSA-15-309-01

7.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

75.0%

JSON

Related for CVE-2015-6476

ics1 cvelist1 prion1