Lucene search

[email protected]CVE-2016-2311

HistoryMay 30, 2016 - 1:59 a.m.

CVE-2016-2311

2016-05-3001:59:06

CWE-255

CWE-200

[email protected]

web.nvd.nist.gov

black box

alertwerks

servsensor

firmware

sp473

remote users

discover

passwords

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.0%

JSON

Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors.

Affected configurations

NVD

Node

blackboxalertwerks_servsensor_junior_eme102a-r2Match-

blackboxalertwerks_servsensor_junior_eme103a-r2Match-

blackboxalertwerks_servsensor_junior_eme104a-r2Match-

AND

blackboxalertwerks_servsensor_junior_firmwareMatch-

Node

blackboxalertwerks_servsensor_contact_eme111a-20-r2Match-

blackboxalertwerks_servsensor_contact_eme111a-60-r2Match-

blackboxalertwerks_servsensor_contact_eme112a-20-r2Match-

blackboxalertwerks_servsensor_contact_eme112a-60-r2Match-

blackboxalertwerks_servsensor_contact_eme113a-20-r2Match-

blackboxalertwerks_servsensor_contact_eme113a-60-r2Match-

AND

blackboxalertwerks_servsensor_contact_firmwareMatch-

Node

blackbox_alertwerks_servsensor_eme106aMatch-

blackbox_alertwerks_servsensor_eme108a-r2Match-

blackbox_alertwerks_servsensor_eme109a-r2Match-

blackbox_alertwerks_servsensor_eme110a-r2Match-

blackboxalertwerks_servsensor_eme105aMatch-

AND

blackboxalertwerks_servsensor_firmwareMatch-

Node

blackboxalertwerks_servsensor_junior_eme152aMatch-poe

blackboxalertwerks_servsensor_junior_eme153aMatch-poe

blackboxalertwerks_servsensor_junior_eme154aMatch-poe

blackboxalertwerks_servsensor_junior_eme155aMatch-poe

blackboxalertwerks_servsensor_junior_eme158aMatch-poe

AND

blackboxalertwerks_servsensor_junior_firmwareMatch-poe

CPENameOperatorVersion
blackbox:alertwerks_servsensor_junior_firmwareblackbox alertwerks servsensor junior firmwareeq-

CPE	Name	Operator	Version
blackbox:alertwerks_servsensor_junior_firmware	blackbox alertwerks servsensor junior firmware	eq	-

References

ics-cert.us-cert.gov/advisories/ICSA-16-147-03

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.0%

JSON

Related for CVE-2016-2311

cvelist1 ics1 prion1 nvd1